Appears that the parameter SEC_CASE_SENSITIVE_LOGON has been deprecated in 12c, is retained for compatibility with version before. This parameter was a new feature in version 11g, and make passwords case sensitive, because it was easier to crack passwords in oracle if they were case insensitive. Eg;
If we have a password of 4 characters, letters A’s
- aaaa, are four characters and a unique combination, just have to try to crack yyyy one time.
- aAaA, are 2 * 2 * 2 * 2 is 16 combinations, have to try to crack 16 times aaaa, Aaaa, aaaa, aaaa, … in this case is 16 times more complex break the password than in the previous case.
HTH – Antonio NAVARRO