Information
The setting PASSWORD_VERIFY_FUNCTION is used to enable password complexity verification. If using a custom verification function, it's important to ensure that the complexity function meets your organization's policy for password complexity. Review the code to ensure that the password verification function meets the password complexity rules that have been set for your organization.
Having strong password management for users will protect against attackers' brute force techniques. This is important especially if external authentication is not possible to implement due to application requirements or restrictions.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
If you discover profiles using verification functions that do not meet your organization's standards, you may remediate this setting by executing the following SQL statement for each PROFILE returned by the audit procedure. This will cause accounts assigned those profiles to use the ora12c_strong_verify_function. The next time an account's password is changed, the new function will validate that the new password meets standards.
ALTER PROFILE <profile_name> LIMIT
PASSWORD_VERIFY_FUNCTION ORA12C_STRONG_VERIFY_FUNCTION;
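To decide which profiles need the statement above, the following query lists the effective verification function for every profile, resolving profiles that inherit their limit from the DEFAULT profile, and counts the accounts assigned to each. It is an added example, not the benchmark's own audit procedure; it assumes SELECT access to the DBA_PROFILES and DBA_USERS dictionary views and treats ORA12C_STRONG_VERIFY_FUNCTION as the approved function, which you should replace with your organization's standard.

```sql
-- Added example (not the benchmark's audit procedure).
-- Assumption: ORA12C_STRONG_VERIFY_FUNCTION is the organization's approved function.
WITH pvf AS (
    -- One row per profile: the configured PASSWORD_VERIFY_FUNCTION limit.
    SELECT profile, limit
    FROM   dba_profiles
    WHERE  resource_name = 'PASSWORD_VERIFY_FUNCTION'
),
effective AS (
    -- A limit of DEFAULT means "inherit from the DEFAULT profile",
    -- so substitute the DEFAULT profile's own setting in that case.
    SELECT p.profile,
           p.limit AS configured_limit,
           CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END
               AS effective_function
    FROM   pvf p
    CROSS JOIN (SELECT limit FROM pvf WHERE profile = 'DEFAULT') d
)
SELECT e.profile,
       e.configured_limit,
       e.effective_function,
       -- Number of accounts that would be affected by changing this profile.
       (SELECT COUNT(*) FROM dba_users u WHERE u.profile = e.profile)
           AS assigned_users,
       CASE
           -- DBA_PROFILES reports an unset function as the string 'NULL'.
           WHEN e.effective_function = 'NULL'
               THEN 'NO VERIFICATION'
           WHEN UPPER(e.effective_function) = 'ORA12C_STRONG_VERIFY_FUNCTION'
               THEN 'OK'
           -- Any other function is custom and needs a code review against policy.
           ELSE 'REVIEW CUSTOM FUNCTION'
       END AS finding
FROM   effective e
ORDER  BY finding, e.profile;
```

Rows marked REVIEW CUSTOM FUNCTION are not necessarily non-compliant; they identify the functions whose source must be reviewed against the organization's complexity policy.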