STIGQter: STIG Summary: Oracle WebLogic Server 12c Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

Oracle WebLogic must enforce password complexity by the number of special characters used.

DISA Rule

SV-235970r628688_rule

Vulnerability Number

V-235970

Group Title

SRG-APP-000516-AS-000237

Rule Version

WBLC-05-000165

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Access the Administration Console (AC)
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Providers' tab -> 'Password Validation' subtab
5. Select 'SystemPasswordValidator'
6. Select 'Configuration' tab -> 'Provider Specific' subtab
7. Utilize 'Change Center' to create a new change session
8. Set 'Minimum Number of Non-Alphanumeric Characters' field value to '1' or higher. Click 'Save'

Check Contents

1. Access the Administration Console (AC)
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Providers' tab -> 'Password Validation' subtab
5. Select 'SystemPasswordValidator'
6. Select 'Configuration' tab -> 'Provider Specific' subtab
7. Ensure 'Minimum Number of Non-Alphanumeric Characters' field value is set to '1' or higher

If the 'Minimum Number of Non-Alphanumeric Characters' field value is not set to '1' or higher, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5282

Comments