Information
The SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter determines how many failed login attempts are allowed before Oracle closes the login connection.
Rationale:
Allowing an unlimited number of login attempts for a user connection can facilitate both brute-force login attacks and the occurrence of denial-of-service.
Solution
To remediate this setting, execute the following SQL statement.
ALTER SYSTEM SET SEC_MAX_FAILED_LOGIN_ATTEMPTS = 3 SCOPE = SPFILE;
References:
http://docs.oracle.com/database/121/REFRN/GUID-DEC2A3B2-F49B-499E-A3CF-D097F3A5BA83.htm#REFRN10274