Category: Security

The following error occurs when trying to change user password in Oracle Database.

SQL> alter user TESTUSER identified by "TestPassword";
alter user TESTUSER identified by "TestPassword";
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed

Check user profile:

SQL> select profile from dba_users where username='TESTUSER';

PROFILE
------------------------------------------------------
TEST_USER_PROFILE

Find password verify function

SQL> select RESOURCE_NAME,RESOURCE_TYPE,LIMIT 
FROM DBA_PROFILES 
WHERE PROFILE='TEST_USER_PROFILE'  
AND RESOURCE_NAME='PASSWORD_VERIFY_FUNCTION';

RESOURCE_NAME                    RESOURCE   LIMIT
--------------------------       ---------  ----------------------
PASSWORD_VERIFY_FUNCTION         PASSWORD    TEST_USER_VFY_FN

Extract code of password verify function

SQL> select OWNER,substr(TEXT,1,50)  
from dba_source 
where NAME='TEST_USER_VFY_FN' 
order by line;

OWNER      SUBSTR(TEXT,1,50)
---------- --------------------------------------------------
SYS        FUNCTION test_user_vfy_fn (username varchar2,
SYS        BEGIN

...
..
.

SYS                IF LENGTH(password) >= 25 THEN
SYS                        RETURN(TRUE);
SYS                ELSE
SYS                        RETURN(FALSE);
SYS                END IF;
SYS        END;

The password length should be equal or greater than 25.