Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Oracle REMOTE_OS_AUTHENT parameter must be set to FALSE.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-53975 | O112-BP-021900 | SV-68215r1_rule | High |
| Description |
|---|
| Setting this value to TRUE allows operating system authentication over an unsecured connection. Trusting remote operating systems can allow a user to impersonate another operating system user and connect to the database without having to supply a password. If REMOTE_OS_AUTHENT is set to true, the only information a remote user needs to connect to the database is the name of any user whose account is setup to be authenticated by the operating system. |
| STIG | Date |
|---|---|
| Oracle Database 11.2g Security Technical Implementation Guide | 2017-06-30 |
Details
| Check Text ( C-54765r1_chk ) |
|---|
| From SQL*Plus: select value from v$parameter where name = 'remote_os_authent'; If the value returned does not equal FALSE, this is a Finding. |
| Fix Text (F-58815r1_fix) |
|---|
| Document remote OS authentication in the System Security Plan. If not required or not mitigated to an acceptable level, disable remote OS authentication. From SQL*Plus: alter system set remote_os_authent = FALSE scope = spfile; The above SQL*Plus command will set the parameter to take effect at next system startup. |