3.4 Ensure 'PASSWORD_REUSE_MAX' Is Set To 'UNLIMITED'

Information

The PASSWORD_REUSE_MAX setting determines how many different passwords must be used before the user is allowed to reuse a prior password. The suggested value for this is UNLIMITED.

Allowing reuse of a password within a short period of time after the password's initial use can make the success of both social-engineering and brute-force password-based attacks more likely.

Solution

Remediate this setting by executing the following SQL statement for each PROFILE returned by the audit procedure.

ALTER PROFILE <profile_name> LIMIT PASSWORD_REUSE_MAX 'UNLIMITED';

See Also

https://workbench.cisecurity.org/benchmarks/16474

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: OracleDB

Control ID: 76ca34eef55f8c58973edc67eae5e2daebf9734ead4df5caa1857cb363e81927