2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'

Information

The SEC_CASE_SENSITIVE_LOGON information determines whether or not case-sensitivity is required for passwords during login.

Note: This parameter has been deprecated in 12.1 and higher versions.

Rationale:

Oracle database password case-sensitivity increases the pool of characters that can be chosen for the passwords, making brute-force password attacks quite difficult.

Solution

To remediate this setting, execute the following SQL statement.

ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = TRUE SCOPE = SPFILE;

See Also

https://workbench.cisecurity.org/benchmarks/13413

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv6|16, CSCv7|4.4

Plugin: OracleDB

Control ID: 2ecbc77277915a84841d48b0bb818e9653e4eaf63a91eee0cbd1b29d1aade00b