3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'

Information

Default passwords should not be used by Oracle database users.

Rationale:

Default passwords should be considered 'well known' to attackers. Consequently, if default passwords remain in place, any attacker with access to the database can authenticate as the user with that default password.

Solution

To remediate this setting, execute the following SQL statement for each PROFILE returned by the audit procedure.

ALTER PROFILE <profile_name> LIMIT INACTIVE_ACCOUNT_TIME 120;

See Also

https://workbench.cisecurity.org/benchmarks/13413

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-2(3), 800-53|IA-5, CSCv6|5.3, CSCv6|18, CSCv7|4.2, CSCv7|16.9

Plugin: OracleDB

Control ID: f531ab511869fce7c35b844f891b20da20041e65ca4a3b3391a77510336f5aa9