2.2.5 Ensure 'SQLNET.ALLOWED_LOGON_VERSION_SERVER' Is Set To 12a

Information

The SQLNET.ALLOWED_LOGON_VERSION_SERVER setting configures the minimum authentication protocol that clients can use to connect to database instances. Note that the term VERSION in the parameter name refers to the version of the authentication protocol, not the version of the Oracle Database release.

Allowing deprecated or weaker authentication protocols can expose the database to security vulnerabilities, increasing the risk of unauthorized access, data loss, or breaches. Ensuring that clients use secure protocols improves the overall security posture of the database environment.

Solution

To remediate this recommendation, set SQLNET.ALLOWED_LOGON_VERSION_SERVER to 12a.

Impact:

Setting this parameter to 12a may prevent some clients from connecting to the database, leading to authentication failures. Specifically, clients may encounter the error ORA-28040: The database does not accept your client's authentication protocol; login denied.
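One way to verify the setting on a Unix host is sketched below as an added example; it is not part of the benchmark or the audit plugin. It assumes the parameter lives in a sqlnet.ora file whose path is passed in, and it treats a missing parameter or conflicting duplicate entries as failures, which is this example's policy rather than documented Oracle behaviour.

```shell
#!/bin/sh
# Added example: audit a sqlnet.ora file for
# SQLNET.ALLOWED_LOGON_VERSION_SERVER = 12a.

# Print every value assigned to the parameter, one per line, lowercased.
# Comments (#), whitespace and double quotes are ignored; the parameter
# name is matched case-insensitively.
logon_version_values() {
    awk '
        {
            sub(/#.*/, "")                  # strip trailing comments
            gsub(/[ \t\r"]/, "")            # drop whitespace and quotes
            n = index($0, "=")
            if (n == 0) next
            name = toupper(substr($0, 1, n - 1))
            if (name == "SQLNET.ALLOWED_LOGON_VERSION_SERVER")
                print tolower(substr($0, n + 1))
        }
    ' "$1"
}

# Return 0 when compliant, 1 when unset or weaker, 2 when unreadable.
check_logon_version() {
    file=$1
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }
    values=$(logon_version_values "$file")
    [ -n "$values" ] || { echo "FAIL: parameter not set in $file"; return 1; }
    for v in $values; do
        [ "$v" = "12a" ] || { echo "FAIL: $file sets '$v', expected 12a"; return 1; }
    done
    echo "PASS: $file sets 12a"
    return 0
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample sqlnet.ora' \
    'NAMES.DIRECTORY_PATH = (TNSNAMES)' \
    'sqlnet.allowed_logon_version_server = 12a   # minimum protocol' \
    > "$sample"
check_logon_version "$sample"
rm -f "$sample"
```

On a real host, pass the sqlnet.ora that the listener and instance actually read, typically under `$TNS_ADMIN` or `$ORACLE_HOME/network/admin`.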

See Also

https://workbench.cisecurity.org/benchmarks/16474

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-7(5), 800-53|SI-2

Plugin: Unix

Control ID: e7692a245b31ddd2e9802f79c6e165cf47d4f3116e9d1be6132f5845b5dfac8e