Oracle Access Manager 11gr2ps3 (OAM 22.214.171.124.x) One Time Password (OTP) Implementation Does not Prevent User from Making Multiple Wrong OTP Attempts
Last updated on MAY 25, 2017
Applies to: Oracle Access Manager - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
Oracle Access Manager 11gr2ps3 (OAM 188.8.131.52.x) One Time Password (OTP) Implementation Does not Prevent User from Making Multiple Wrong OTP Attempts.
- A multi-factor authentication use case is being implemented using OAM Adaptive Authentication Services, but it does not prevent the user from entering a wrong OTP multiple times.
- Using OAM Adaptive Authentication Scheme for Email OTP.
- Flow is not failing anywhere.
- OTP gets sent to the user's email ID.
- If user enters correct PIN, user gets access to the protected application.
- The issue is: "If user enters a wrong PIN in the OTP field, user is not locked even after multiple wrong attempts." When the user sees the window with the OTP field, nothing happens even if the user enters the OTP (that he received via email) wrongly multiple times, meaning the user can make any number of attempts to validate the OTP.
How does OAM keep a record of wrong OTP attempts if the OAM Adaptive Authentication Scheme is being used for Multi-Factor Authentication (MFA)?
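
For reference, the control whose absence the symptoms describe, a per-user count of wrong OTP entries that locks further validation, shown as an added generic example. It is not OAM code or configuration and does not describe how OAM records attempts; the class name, limits and return values are assumptions.

```python
import hmac
import secrets

MAX_FAILED_ATTEMPTS = 5   # assumed policy value, not an OAM default
OTP_TTL_SECONDS = 300     # assumed policy value, not an OAM default


class OtpVerifier:
    """Hypothetical verifier: counts wrong OTP entries per user and locks at the limit."""

    def __init__(self, clock):
        self._clock = clock   # callable returning seconds; injectable so tests control time
        self._pending = {}    # user -> (code, expires_at)
        self._failures = {}   # user -> wrong entries; survives re-issue of a code

    def issue(self, user):
        """Create a fresh 6-digit code, replacing any earlier one for this user."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = (code, self._clock() + OTP_TTL_SECONDS)
        return code           # delivered out of band (email), never echoed to the browser

    def verify(self, user, submitted):
        """Return 'ok', 'wrong', 'locked' or 'expired' for one submission."""
        if self._failures.get(user, 0) >= MAX_FAILED_ATTEMPTS:
            return "locked"   # checked first, so even a correct code is refused
        code, expires_at = self._pending.get(user, (None, 0.0))
        if code is None or self._clock() >= expires_at:
            self._pending.pop(user, None)
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(submitted.encode(), code.encode()):
            del self._pending[user]          # a code is single use
            self._failures.pop(user, None)   # success clears the counter
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_FAILED_ATTEMPTS:
            self._pending.pop(user, None)    # the outstanding code dies with the lock
            return "locked"
        return "wrong"

    def unlock(self, user):
        """Administrative reset of the failure counter."""
        self._failures.pop(user, None)
```

The counter is kept per user rather than per issued code, so requesting a new OTP does not reset it.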