The Conditions In password_verify_function Not Applied When ALTER USER Privilege Granted

(Doc ID 2363109.1)

Last updated on FEBRUARY 21, 2018

Applies to:

Oracle Database - Enterprise Edition - Version 11.2.0.4 and later
Information in this document applies to any platform.

Symptoms

After running the UTLPWDMG and setting the password_verify_function to the DEFAULT profiles, we noticed that the policies/limitations/rules are not enforced as they should and as they are defined in the function.

select * from dba_profiles where profile='DEFAULT';

PROFILE RESOURCE_NAME RESOURCE LIMIT
------------- ------------------------------------------------- ------------------------------------------------
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED
DEFAULT SESSIONS_PER_USER KERNEL   UNLIMITED
DEFAULT CPU_PER_SESSION KERNEL   UNLIMITED
DEFAULT CPU_PER_CALL KERNEL   UNLIMITED
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_CALL KERNEL   UNLIMITED
DEFAULT IDLE_TIME KERNEL UNLIMITED
DEFAULT CONNECT_TIME KERNEL   UNLIMITED
DEFAULT PRIVATE_SGA KERNEL   UNLIMITED
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD   5
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G
DEFAULT PASSWORD_LOCK_TIME PASSWORD   1
DEFAULT PASSWORD_GRACE_TIME PASSWORD   7

Changes

Granted ALTER USER privilege to the user that was used for testing this.

Cause

	Sign In with your My Oracle Support account
	Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms