Today, we faced an issue while changing the user’s password. Oracle Version Reported – 19.14. Generally it is recommended to raise an SR just to confirm if ORA-600 matches with your error dump.
You have option provided by Oracle Support named Ora-600 lookup tool, You can always try it. It is quite fast in listing all the related documents/Bugs etc. This way you can help SR engineer with additional information.
SQL> alter user APP_USER identified by Anything; alter user APP_USER identified by Anything * ERROR at line 1: ORA-00600: internal error code, arguments: [kzpcpw:Invaid verifier type], [], [], [], [], [], [], [], [], [], [], []
We checked for Ora-600 Lookup Tool and found one document
Oracle – ORA-600 [kzpcpw:Invalid verifier type] While Changing A User Password (Doc ID 1666155.1)
As per document, This is happening only for the users who cannot freely reuse the passwords. And Cause said to be “the hashes of the old passwords stored in user_history$ are corrupted”.
They ask us to Delete from user_history$ the information for the user –
delete from user_history$ where user# in (select user# from user$ where name='<username>');
Along with that they asked us to check if there is any “funny characters” or “Corrupt values” in password or spare4 of user$ and delete old history of password change.
Workaround –
We used following workaround instead – As I don’t wanted to delete any information from user_history$ and Raising SR would have delayed the activity. I planned to test one scenario – As they mentioned – this is happening only for the users who cannot freely reuse the passwords.
Check the current Profile of the user –
SQL> select profile from dba_users where username='APP_USER'; PROFILE ------------------------------ APP_PROFILE
I have checked for profile details using following sql –
SQL> select * from dba_profiles where profile='APP_PROFILE'; PROFILE RESOURCE_NAME RESOURCE LIMIT COM INH IMP ------------------------------ -------------------------------- -------- ---------------- --- --- --- APP_PROFILE COMPOSITE_LIMIT KERNEL DEFAULT NO NO NO APP_PROFILE SESSIONS_PER_USER KERNEL 10 NO NO NO APP_PROFILE CPU_PER_SESSION KERNEL DEFAULT NO NO NO APP_PROFILE CPU_PER_CALL KERNEL DEFAULT NO NO NO APP_PROFILE LOGICAL_READS_PER_SESSION KERNEL DEFAULT NO NO NO APP_PROFILE LOGICAL_READS_PER_CALL KERNEL DEFAULT NO NO NO APP_PROFILE IDLE_TIME KERNEL 30 NO NO NO APP_PROFILE CONNECT_TIME KERNEL UNLIMITED NO NO NO APP_PROFILE PRIVATE_SGA KERNEL DEFAULT NO NO NO APP_PROFILE FAILED_LOGIN_ATTEMPTS PASSWORD 3 NO NO NO APP_PROFILE PASSWORD_LIFE_TIME PASSWORD 365 NO NO NO APP_PROFILE PASSWORD_REUSE_TIME PASSWORD UNLIMITED NO NO NO APP_PROFILE PASSWORD_REUSE_MAX PASSWORD 10 NO NO NO APP_PROFILE PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION NO NO NO APP_PROFILE PASSWORD_LOCK_TIME PASSWORD 999 NO NO NO APP_PROFILE PASSWORD_GRACE_TIME PASSWORD 7 NO NO NO APP_PROFILE INACTIVE_ACCOUNT_TIME PASSWORD DEFAULT NO NO NO
I have changed the profile of the user during password change, this way it will have freedom to reuse the password. And later I changed it back to old profile.
alter user APP_USER identified by Anything profile default; alter user APP_USER profile APP_PROFILE;