E-SEC: Password Controls Invalid Logon Attempts Get Reset When Account is Locked (Doc ID 639888.1)

Last updated on FEBRUARY 10, 2014

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.2 and later
Information in this document applies to any platform.
***Checked for relevance on 27-11-2012***

Symptoms

Still have questions after reading this document? Please post a question to our community: PeopleTools Community


If a customer has set the system up to lock an account after 3 invalid attempts, through password controls, the account gets locked but the invalid logon attempts number will be reset to zero if the user types in their correct password even though the account is locked. By doing this the audit behind why a person is locked is removed.  Customers need the failed logins to be retained and only reset if the account is not locked out or unless the account is unlocked. This will them check to see if accounts are attempted to be hacked.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms