Information
This setting SQLNET.ALLOWED_LOGON_VERSION_SERVER configures the minimum authentication protocols clients can use to connect to database instances. Please note that the term VERSION in the parameter name refers to the version of the authentication protocol, not the version of the Oracle Database release.
Allowing deprecated or weaker authentication protocols can expose the database to security vulnerabilities, increasing the risk of unauthorized access, data loss, or breaches. Ensuring that clients use secure protocols improves the overall security posture of the database environment.
Solution
To remediate this recommendation, set SQLNET.ALLOWED_LOGON_VERSION_SERVER to 12a
Impact:
Setting this parameter to 12a may prevent some clients from connecting to the database, leading to authentication failures. Specifically, clients may encounter the error ORA-28040: The database does not accept your client's authentication protocol; login denied