Account Not Locked If 'Current Password' Is Incorrectly Entered 3 Times During 'Force Change Password' When OAM Password Policy Is in Place. (Doc ID 2043366.1)

Last updated on OCTOBER 24, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

1] Consider a user who requests the admin team for a password reset.
2] Admin resets the password <VALUE>
3] Login to the application(protected with Oracle Access Manager (OAM)) with <username> and <passssword>
4] Force change password window appears.
5] Enter the current password as (some random valuue
6] Enter in New and confirm password fields a password that meets the password policy
7] Click on 'Change Password'
8] Repeat steps 5 to 7 for 3 times

Expected Result:

After 3 invalid attempts the user account must get locked and error message.

Actual Result:

User account is not getting locked. User can continue to enter incorrect current password - we tested till 9 attempts.

Changes

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Account Not Locked If 'Current Password' Is Incorrectly Entered 3 Times During 'Force Change Password' When OAM Password Policy Is in Place. (Doc ID 2043366.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!