Oracle Access Manager (OAM) Browser HTTP Headers Plugins Show Log-in Flow Posts Of Credentials In Clear Text
(Doc ID 2940883.1)
Last updated on JULY 26, 2024
Applies to:
Oracle Access Manager - Version 12.2.1.4.0 and later
Information in this document applies to any platform.
Goal
Why does a browser's HTTP header plugin show the username and password used in the login process?
Background
In a browser session, a plugin is used to view the HTTP headers of the login process. When the login process prompts for credentials (username/password), the plugin shows the POST of this data in clear text.
Steps to Reproduce
1. Access a page protected by Oracle Access Manager (OAM)/WebGate
2. Enable HTTP header capture in the browser
3. Enter the username/password on the OAM single sign-on page
4. Viewing the headers in the browser shows the username and password in clear text
Solution