Oracle Access Manager (OAM) Allows Unlimited Invalid One Time Pin (OTP) Attempts
(Doc ID 2701737.1)
Last updated on JANUARY 15, 2021
Applies to:
Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.
Symptoms
Oracle Access Manager (OAM) Allows Unlimited Invalid One Time Pin (OTP) Attempts
Scenario
1. Invoke an authentication flow that uses One Time Pin (OTP)
2. Enter an invalid pin
3. An error is returned as expected: "Invalid One time pin"
4. Repeat this process multiple times. It is unclear if there is a limit, but it will theoretically allow as many attempts as wanted, and the result never changes: "Invalid One time pin"
- If at any time in the process the correct OTP is entered, the protected resource is displayed
- Using MaxAttempts under AdaptiveAuthentication Plugin does not help
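
The behaviour an attempt limit is expected to produce in the scenario above, as an added example (not Oracle code and not an OAM API): the hypothetical OtpChallenge class counts failures per issued PIN, and once the assumed MAX_ATTEMPTS value is reached it rejects every further entry, including the correct PIN. count_guesses is a local simulation that contrasts a capped challenge with an effectively uncapped one.

```python
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumed policy value for this example, not an OAM setting


class OtpChallenge:
    """One issued PIN bound to one authentication flow, with a failure cap."""

    def __init__(self, pin=None, digits=6, max_attempts=MAX_ATTEMPTS):
        self.digits = digits
        # A fixed pin can be passed for testing; otherwise one is generated.
        self.pin = pin if pin is not None else f"{secrets.randbelow(10 ** digits):0{digits}d}"
        self.max_attempts = max_attempts
        self.failures = 0
        self.consumed = False

    def verify(self, candidate):
        # Check the lock state before comparing, so a correct PIN entered
        # after the cap is reached no longer opens the protected resource.
        # A PIN that has already succeeded once is also treated as locked.
        if self.consumed or self.failures >= self.max_attempts:
            return "locked"
        if hmac.compare_digest(candidate.encode(), self.pin.encode()):
            self.consumed = True
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= self.max_attempts else "invalid"


def count_guesses(challenge):
    """Local simulation: sequential entries until the answer is not 'invalid'."""
    space = 10 ** challenge.digits
    for tries, n in enumerate(range(space), start=1):
        result = challenge.verify(f"{n:0{challenge.digits}d}")
        if result != "invalid":
            return result, tries
    return "invalid", space


if __name__ == "__main__":
    # Constructed sample PIN "4821"; 4 digits keeps the simulation short.
    uncapped = OtpChallenge(pin="4821", digits=4, max_attempts=10 ** 4)
    capped = OtpChallenge(pin="4821", digits=4)
    print("uncapped:", count_guesses(uncapped))
    print("capped:  ", count_guesses(capped))
```

With no effective cap the PIN space is the only bound on the number of entries; with the cap the challenge has to be reissued after three failures.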
Changes
Cause