CBB - ConfigureEnv.Log Contains User's Passwords In Plain Text
Last updated on DECEMBER 14, 2011
Applies to:Oracle Utilities Customer Care and Billing - Version: 2.3.1
Information in this document applies to any platform.
=== ODM Question ===
The script configureEnv.sh (or the Windows version configureEnv.cmd)
reports plain text passwords in the log file configureEnv.log.
Steps to reproduce:
1) execute configureEnv script, use the menu to change one
of the configurable passwords, press <P> to process.
2) Open the <SPLENVIRON>/logs/system/configureEnv.log with an editor, it shows
the actual encryption command line with the password in plain text.
End of output
111115:100107 <info> About to exec command /software/java/bin/java com.splwg.shared.common.Cryptography -p sysuser00
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms