2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'

Information

The SEC_CASE_SENSITIVE_LOGON information determines whether or not case-sensitivity is required for passwords during login.

Note: This parameter has been deprecated in 12.1 and higher versions.

Oracle database password case-sensitivity increases the pool of characters that can be chosen for the passwords, making brute-force password attacks quite difficult.

Solution

To remediate this setting, execute the following SQL statement.

ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = TRUE SCOPE = SPFILE;

See Also

https://workbench.cisecurity.org/benchmarks/11760

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: OracleDB

Control ID: 36c108d46c8981a95f7516b46ef93e5306221d0474915760b045bfb581e76dc0