
The Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter should be set to an ISSO-approved value between 1 and 3.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16035 | DO6749-ORACLE11 | SV-55939r2_rule | ECLO-1, ECLO-2 | Medium |
Description
The SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter limits the number of failed login attempts that a single connection may make. It differs from the limit set in user profiles, which applies to failed login attempts against a single user account. Limiting failed authentication attempts by a single connection helps protect against Denial of Service (DoS) attacks and against authentication attempts directed at multiple user accounts.

| STIG | Date |
|---|---|
| Oracle Database 11g Instance STIG | 2015-03-26 |

Details

Check Text ( C-16815r2_chk )
From SQL*Plus:

select value from v$parameter where name = 'sec_max_failed_login_attempts';

If the value returned is equal to 0 or greater than 3, this is a Finding.
Fix Text (F-16078r1_fix)
Limit the number of failed login attempts for the database.

From SQL*Plus:

alter system set sec_max_failed_login_attempts = 3 scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.
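
Because the fix is applied with scope = spfile, the check query against v$parameter keeps returning the old value until the instance is restarted. The query below is an added example, not part of the STIG text: it evaluates the running value against the 1 to 3 range and shows the value pending in the spfile (via v$spparameter), assuming a single-instance database started from an spfile.

```sql
-- Added example (not part of the STIG text). Run from SQL*Plus as a user
-- with SELECT on v$parameter and v$spparameter.
-- Assumption: single-instance database started from an spfile. On RAC,
-- v$spparameter can hold one row per SID entry, so several rows may return.
SELECT p.value  AS running_value,
       CASE
         WHEN TO_NUMBER(p.value) BETWEEN 1 AND 3 THEN 'Not a Finding'
         ELSE 'Finding'                       -- 0 or greater than 3
       END      AS running_status,
       sp.sid   AS spfile_sid,
       sp.value AS spfile_value,
       CASE
         WHEN sp.value IS NULL
           THEN 'Not set in spfile (default applies at next startup)'
         WHEN TO_NUMBER(sp.value) BETWEEN 1 AND 3
           THEN 'Within 1-3 after restart'
         ELSE 'Finding after restart'
       END      AS spfile_status
FROM   v$parameter p
       LEFT JOIN v$spparameter sp
              ON  sp.name = p.name
              AND sp.isspecified = 'TRUE'     -- only values explicitly set
WHERE  p.name = 'sec_max_failed_login_attempts';
```

A row showing running_status 'Finding' with spfile_status 'Within 1-3 after restart' means the fix has been written but the instance has not yet been restarted. The value must still be one approved by the ISSO.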