2.3 - Administration Console Session Timeout is not set

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The 'Administration Console Session Timeout' text field is used to log off users that are not active on the system. A user will be logged off of the Oracle WebLogic Server Console once the timer, as defined by the 'session-timeout' value, has expired.

If the 'Administration Console Session Timeout' text field is not set then the Administration Console would not automatically log out, leaving an opportunity for a malicious user to gain access to the Oracle WebLogic Server.

Solution

1. Login to the Administration Console.
2. In the Change Center, click Lock & Edit.
3. In the left pane, select the Domain name.
4. Select Configuration > Genera, and then click Advanced at the bottom of the page.
5. In the 'Console Session Timeout' text field enter [900].
6. Click Save.
7. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-12

Plugin: Windows

Control ID: 97f9e9abe76c8e755f647320d3fe9a5bb1a563f706f177c2cb0e45d5552a5582