UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

New passwords should be required to differ from old passwords by more than four characters.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3815 DG0071-ORACLE10 SV-24386r1_rule IAIA-1 IAIA-2 Medium
Description
Changing passwords frequently can thwart password-guessing attempts or re-establish protection of a compromised DBMS account. Minor changes to passwords may not accomplish this as password guessing may be able to continue to build on previous guesses or the new password may be easily guessed using the old password.
STIG Date
Oracle 10 Database Instance STIG 2014-01-14

Details

Check Text ( None )
None
Fix Text (F-25980r1_fix)
Define and apply a password_verify_function for all profiles where passwords are used to authenticate accounts.

See Fix information for DG0079 to create a password_verify_function that meets STIG requirements.