Case sensitivity for passwords should be enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16033 | DO6748-ORACLE11 | SV-60351r1_rule | Medium |
| Description |
|---|
| Enablement of password case sensitivity allows Oracle password complexity to meet DoD password requirements. Password complexity decreases the likelihood of successful password attacks by malicious users. |
| STIG | Date |
|---|---|
| Oracle Database 11g Instance STIG | 2017-06-29 |
Details
| Check Text ( C-16814r2_chk ) |
|---|
| From SQL*Plus: select value from v$parameter where name = 'sec_case_sensitive_logon'; If the value returned is not TRUE, this is a Finding. |
| Fix Text (F-16077r1_fix) |
|---|
| Enable case sensitive passwords. From SQL*Plus: alter system set sec_case_sensitive_logon = TRUE scope = both; The above SQL*Plus command will set the parameter to take effect immediately and permanently at next system startup. NOTE: Password and account requirements have changed for DoD since the STIG requirement listed in the table for this check was published. |