DG0071-ORACLE11 - New passwords must be required to differ from old passwords by more than four characters - 'PASSWORD_VERIFY_FUNCTION is not set to NULL or DEFAULT'

Information

Changing passwords frequently can thwart password-guessing attempts or re-establish protection of a compromised DBMS account. Minor changes to passwords may not accomplish this as password guessing may be able to continue to build on previous guesses or the new password may be easily guessed using the old password.

Solution

Define and apply a password_verify_function for all profiles where passwords are used to authenticate accounts.

See Fix information for DG0079 to create a password_verify_function that meets STIG requirements.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24387r3_rule, STIG-ID|DG0071-ORACLE11, Vuln-ID|V-3815

Plugin: OracleDB

Control ID: 465dda8c64002c153c670463b97865b0d96a83b84e385dd7f7813b82d7533a3d