My Oracle Support Banner

Profile GSM_PROF Setting FAILED_LOGIN_ATTEMPT=10000000 Violates Corp Security Policy (Doc ID 2795838.1)

Last updated on JULY 20, 2024

Applies to:

Oracle Database - Enterprise Edition - Version 19.9.0.0.0 to 20.0.0.0.0 Beta [Release 19 to 20.0]
Information in this document applies to any platform.

Goal

According to Doc ID 2451080.1, starting with Oracle Version 12.2 a new profile GSM_PROF is created with FAILED_LOGIN_ATTEMPTS=10000000 to prevent Denial of Service attacks.

However this violates your company policy of setting FAILED_LOGIN_ATTEMPTS=6, and it is getting flagged on your security scanning.

You want to know if there is any risk in changing GSM_PROF FAILED_LOGIN_ATTEMPTS=6.

How to check if GDS or sharding database is used or not?

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.