Information
The PASSWORD_REUSE_MAX setting determines how many different passwords must be used before the user is allowed to reuse a prior password. The suggested value for this is 20 passwords or greater.
Rationale:
Allowing reuse of a password within a short period of time after the password's initial use can make the success of both social-engineering and brute-force password-based attacks more likely.
Solution
Remediate this setting by executing the following SQL statement for each PROFILE returned by the audit procedure.
ALTER PROFILE <profile_name> LIMIT PASSWORD_REUSE_MAX 20;
Notes:
The above restriction should be applied along with the PASSWORD_REUSE_TIME setting.