Oracle Access Manager (OAM) Browser HTTP Headers Plugins Show Log-in Flow Posts Of Credentials In Clear Text (Doc ID 2940883.1)

Last updated on JULY 26, 2024

Applies to:

Oracle Access Manager - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Goal

Why does a browser's HTTP header plugin show the username and password used in the login process?

Background
In a browser session, a plugin is used to view the HTTP headers of the login process. When the login process prompts for credentials (username/password), the plugin shows the POST of this data in clear text.

Steps to Reproduce
1. Access a page protected by Oracle Access Manager (OAM)/WebGate.
2. Enable HTTP header capture in the browser.
3. Enter the username/password on the OAM single sign-on page.
4. View the headers in the browser: the username and password are shown in clear text.

Solution
