Details

Unsupported Oracle network client installations may introduce vulnerabilities to the database. Restriction to use of supported versions helps to protect the database and helps to enforce newer, more robust security controls.

Solution

Edit the SQLNET.ORA file to add or edit the entries:

SQLNET.ALLOWED_LOGON_VERSION_SERVER = 12
SQLNET.ALLOWED_LOGON_VERSION_CLIENT = 12

Set the value to 12 or higher.
Valid values for SQLNET.ALLOWED_LOGON_VERSION_SERVER are: 12 and 12a

Valid values for SQLNET.ALLOWED_LOGON_VERSION_CLIENT are: 12 and 12a

For more information on sqlnet.ora parameters refer to the following document:
‘Database Net Services Reference’
http://docs.oracle.com/database/121/NETRF/sqlnet.htm#NETRF006

For more information on configuring authentication refer to the following document:
‘Oracle Database 12C Password Version Configuration Guidelines’
https://docs.oracle.com/database/121/DBSEG/authentication.htm#GUID-E6EE45DD-1E3B-4028-B8DE-65D6AA373821

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_12c_V2R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.
• CAT|II
• CCI|CCI-000366
• Rule-ID|SV-219875r401224_rule
• STIG-ID|O121-BP-026600
• STIG-Legacy|SV-76025
• STIG-Legacy|V-61535
• Vuln-ID|V-219875

Source

• Tenable.com/audits