Security Vulnerabities with SQLNet Allowed Logon Version 8?
Hi
This is 12.1.0.2 on Linux x86_64. I've logged an SR with the same question, but am still waiting for acknowledgement.
One of our application products says they must have sqlnet.allowed_logon_version_server=8. I would like to point to specific vulnerabilities tied to setting this parameter to this old value. What are the risks to a new database that sets this value to 8? Vulnerabilities (by ID), patches we cannot apply, passwords easy to crack? I need to cite specific issues for management.
We would prefer to have the latest and most secure settings.
Thank you,
Laura Sallwasser