Last updated on MARCH 02, 2015
Applies to:Oracle Enterprise Single Sign-On Suite Plus - Version 220.127.116.11.0 to 18.104.22.168.0 [Release 11g]
Information in this document applies to any platform.
The enrollment process for password reset uses Integrated Windows Authentication (IWA), using the last logged in user for a workstation to know who they are during enrollment. The problem would be, if Person-A leaves their workstation unlocked, a second Person-B could walk up, launch the enrollment URL and re-enroll Person-A without their knowledge. This would allow Person-B to reset Person-A's password. Can you prevent this by requiring a user to re-authenticate as user enroll?
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms