Profile 'Signon Password No Reuse' Is Not Enforced After A System Migration To Hash SHA1

(Doc ID 2260208.1)

Last updated on MARCH 28, 2018

Applies to:

Oracle Application Object Library - Version 12.1.3 to 12.2 [Release 12.1 to 12.2]
Information in this document applies to any platform.

Symptoms

After settings the profile option "Signon Password No Reuse" to x number of days, the profile is not enforced when users change their password, and they can still use the same password.

Business requirements require any password in effect for 'n' number of days should be disallowed the next time the user password is changed, however testing shows these passwords can still be reused.

Changes

 System was migrated to Hash SHA1.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms