My Oracle Support Banner

CBB - ConfigureEnv.Log Contains User's Passwords In Plain Text (Doc ID 1385894.1)

Last updated on MARCH 20, 2019

Applies to:

Oracle Utilities Customer Care and Billing - Version 2.3.1 and later
Information in this document applies to any platform.

Goal


The script configureEnv.sh (or the Windows version configureEnv.cmd) reports plain text passwords in the log file configureEnv.log.

Steps to reproduce:
1) execute configureEnv script, use the menu to change one
of the configurable passwords, press <P> to process.
2) Open the <SPLENVIRON>/logs/system/configureEnv.log with an editor, it shows
the actual encryption command line with the password in plain text.

End of output
111115:100107 <info>  About to exec command /software/java/bin/java  com.splwg.shared.common.Cryptography -p <PASSWORD>

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.