The FAILED_LOGIN_ATTEMPTS setting determines how many failed login attempts are permitted before the system locks the user's account. While different profiles can have different and more restrictive settings, such as USERS and APPS, the minimum(s) recommended here should be set on the DEFAULT profile. Rationale: Repeated failed login attempts can indicate the initiation of a brute-force login attack, this value should be set according to the needs of the organization. (See the Notes for a warning on a known bug that can make this security measure backfire.)
Solution
Remediate this setting by executing the following SQL statement for each PROFILE returned by the audit procedure. ALTER PROFILE <profile_name> LIMIT FAILED_LOGIN_ATTEMPTS 5;