CBB - ConfigureEnv.Log Contains User's Passwords In Plain Text
(Doc ID 1385894.1)
Last updated on MARCH 20, 2019
Applies to:Oracle Utilities Customer Care and Billing - Version 2.3.1 and later
Information in this document applies to any platform.
The script configureEnv.sh (or the Windows version configureEnv.cmd) reports plain text passwords in the log file configureEnv.log.
Steps to reproduce:
1) execute configureEnv script, use the menu to change one
of the configurable passwords, press <P> to process.
2) Open the <SPLENVIRON>/logs/system/configureEnv.log with an editor, it shows
the actual encryption command line with the password in plain text.
111115:100107 <info> About to exec command /software/java/bin/java com.splwg.shared.common.Cryptography -p <PASSWORD>
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document