Finding the source of failed login attempts.
(Doc ID 352389.1)
Last updated on APRIL 23, 2020
Oracle Database - Enterprise Edition - Version 126.96.36.199 to 188.8.131.52 [Release 9.0.1 to 11.2] Information in this document applies to any platform.
Oracle Server Enterprise Edition - Version: 184.108.40.206 to 220.127.116.11
Checked for relevance on 24-Mar-2014
This troubleshooting guide is aimed at providing information on how to trace suspect logins that have failed with ora-1017, logon denied during database authentication. Note that a malicious origin is in most cases not the cause of an unsuccessful login. It can be simply a typo in the username or password, a cron job with an invalid password in it or even an Oracle client program that was badly configured (for example see referenced note 267401.1). Anyway these unsuccessful connect attempts can be a nuisance, especially when a password management policy is in place that has a limit on failed_login_attempts and cause the ora-28000 "the account is locked" error.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!