Password Complexity Rules Are Not Enforced When Resetting Password Via the 'Reset Password' link on the APEX Login Page (Doc ID 2470789.1)

Last updated on FEBRUARY 18, 2021

Applies to:

Symptoms

When trying to reset password from the 'Reset Password' link on the APEX Login page, the password complexity rules are not enforced.

Password complexity rules are enforced only if the internal admin attempts to change password from Internal administration interface.

For example:

Log in to the "Internal administration"
- Navigate to Manage Instance\Security
- Click on Password Policy tab and select "Yes" for the "Must Contain At Least One Numeric Character"
- Apply Changes

The following error occurs if the internal admin tries to reset the password (without including a numeric character) for a workspace user using the Edit User page:

Password does not conform to this site's password complexity rules.
◦Password must contain at least one numeric character
(0123456789).

The above error is the expected behavior because "Must Contain At Least One Numeric Character" is set to Yes in the Password Policy settings under Manage Instance\Security.

However, when the workspace user tries to reset his password (without including a numeric character) from the 'Reset Password' link on the APEX Login page, the password complexity rule is not enforced.
That is, the Reset Password URL link is emailed to the user and when he tries to reset the password using this URL link, he does not get the above error if the password does not conform to the password complexity rules.

The password complexity rules are enforced only when you edit the user password from Manage Workspaces\Manage Developers and Users page.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.