Authentication

User auth tokens are not rotated in the last 90 days

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

An auth token is an Oracle-generated token string that you can use to authenticate with third-party APIs that do not support Oracle Cloud Infrastructure's signature-based authentication. The auth token is associated with the user's Console login. It was detected that user {OciUser.Name} has an auth token that was not rotated in the last 90 days. A user auth token needs to be rotated every 90 days or less in order to decrease the likelihood of accidental exposures and protect your resources against unauthorized access.
  • Recommended Mitigation

    It is recommended to delete any auth token that was not rotated in the last 90 days.