UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Password reuse should be prevented where supported by the DBMS.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15633 DG0126-ORACLE10 SV-24786r1_rule IAIA-1 IAIA-2 Medium
Description
Password reuse restrictions protect against bypass of password expiration requirements and help protect accounts from password guessing attempts. The DoDI 8500.2 specifies preventing password reuse to the extent system capabilities permit. The PASSWORD_REUSE_MAX value specifies the number of password changes before a password can be reused. The PASSWORD_REUSE_TIME value specifies the length of time before a password can be reused.
STIG Date
Oracle 10 Database Instance STIG 2014-01-14

Details

Check Text ( None )
None
Fix Text (F-26383r1_fix)
Configure the DBMS to prevent password reuse by modifying Oracle profiles:

From SQL*Plus:

alter profile default limit
password_reuse_max 10
password_reuse_time UNLIMITED;

alter profile [profile name] limit
password_reuse_max default
password_reuse_time default;

Replace [profile name] with any existing, non-default profile names.

Where Host Authentication is used, configure the OS to prevent password reuse.

Consider configuring the DBMS to use alternate authentication methods other than password authentication where supported by the DBMS.