Oracle Access Manager 11gr2ps3 (OAM 18.104.22.168.x) One Time Password (OTP) Implementation Does not Prevent User from Making Multiple Wrong OTP Attempts
(Doc ID 2267269.1)
Last updated on FEBRUARY 03, 2019
Applies to: Oracle Access Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Oracle Access Manager 11gr2ps3 (OAM 126.96.36.199.x) One Time Password (OTP) Implementation Does not Prevent User from Making Multiple Wrong OTP Attempts.
- A multi-factor authentication use case is being implemented using OAM Adaptive Authentication Services, but it does not prevent the user from entering a wrong OTP multiple times.
- Using OAM Adaptive Authentication Scheme for Email OTP.
- Flow is not failing anywhere.
- OTP gets sent to the user's email ID.
- If user enters correct PIN, user gets access to the protected application.
- The issue is "If the user enters a wrong PIN in the OTP field, the user is not locked even after multiple wrong attempts." When the user sees the window with the OTP field, nothing happens even if the user enters the OTP (received via email) incorrectly multiple times, meaning the user can make any number of attempts to validate the OTP.
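
The control the symptoms above describe as missing, as an added example (not Oracle's code and not OAM configuration): a failure counter bound to each emailed OTP that invalidates the challenge after a fixed number of wrong PINs. `OtpChallenge`, `MAX_FAILURES`, `OTP_TTL_SECONDS` and the 6-digit PIN length are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5        # assumed policy value, not an OAM default
OTP_TTL_SECONDS = 300   # assumed validity window, not an OAM default


class OtpChallenge:
    """One emailed OTP with its own failure counter and expiry."""

    def __init__(self, now=None):
        now = time.time() if now is None else now
        # 6-digit PIN from a CSPRNG (the length is an assumption).
        self.pin = f"{secrets.randbelow(10**6):06d}"
        self.expires_at = now + OTP_TTL_SECONDS
        self.failures = 0
        self.consumed = False

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        if self.consumed:
            return "consumed"
        if self.failures >= MAX_FAILURES:
            return "locked"          # the correct PIN is refused too
        if now >= self.expires_at:
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(submitted.encode(), self.pin.encode()):
            self.consumed = True     # single use
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_FAILURES else "invalid"


def demo():
    """Constructed scenario: five wrong PINs, then the right one."""
    ch = OtpChallenge(now=0)
    wrong = "000000" if ch.pin != "000000" else "111111"
    results = [ch.verify(wrong, now=1) for _ in range(MAX_FAILURES)]
    results.append(ch.verify(ch.pin, now=2))
    return results


if __name__ == "__main__":
    print(demo())
```

Once the counter reaches the limit the challenge stays locked, so the user must request a new OTP; without the counter, every value in the PIN space can be tried against the same challenge.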
How does OAM keep a record of wrong OTP attempts if the OAM Adaptive Authentication Scheme is being used for Multi-Factor Authentication (MFA)?