Does enforce-valid-basic-auth-credentials Create a Security Risk?
(Doc ID 2717065.1)
Last updated on OCTOBER 12, 2020
Applies to: Oracle WebLogic Server - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
A third-party application is deployed to a WebLogic 220.127.116.11 domain and accessed by the vendor's cloud service. When the property enforce-valid-basic-auth-credentials is set to true, the external vendor client gets a prompt requesting the username and password for our default administrator's account ("weblogic"), which is in the Administrators group. To change this behavior (not get the login prompt), the vendor has requested that enforce-valid-basic-auth-credentials be set to false.
If enforce-valid-basic-auth-credentials is set to false, does this mean that the external vendor client can now log in as the default Administrators account ("weblogic") in the Administrators group? If so, would it now be possible for the external client to perform common WebLogic administrative tasks (such as making changes to settings, deploying apps, etc.)?