E1: SEC: 9.2 Web Sign-on Page accepts more than 10 characters with Disabled Long Password Feature

(Doc ID 2179718.1)

Last updated on MAY 30, 2017

Applies to:

JD Edwards EnterpriseOne Tools - Version 9.2 and later
Information in this document applies to any platform.

Symptoms

Symptom 1

The Web Sign-on Form accepts more than 10 characters in the password field when the Long Password functionality is disabled.

Symptom 2

When changing the password, the user can enter more than 10 characters and the system saves the new password in full, even though the Long Password Feature is disabled.

Steps to reproduce:

1. Create a new user UTEST.
2. Change the password for UTEST using P98OWSEC -> Admin password revision.
3. Select "Force Immediate password change" option before changing the password.
4. Log in on the Web client with user UTEST and the new password.
5. By design, it asks the user to change the old password.
6. In the "Change Password" form, enter a new password with more than 10 characters, e.g. UTEST1234567890 (15 characters).
7. The new password is accepted, even though it has more than 10 characters. No error or warning is displayed and the security table is updated with the new password - all 15 characters.
8. At the next login, the whole new password has to be entered (all 15 characters), otherwise the system throws an invalid password error.

This issue is for Web/JAS only. The Sign-on and Change Password forms work correctly on Fat Clients when the Long Password Feature is disabled.

Cause
