Why IM User (with $ or ^ special character in its password) Can Log Onto IM Console But Fails to Log Onto OOTB Infocenter With ESAPI IntrusionDetector Error? (Doc ID 1980526.1)

Last updated on FEBRUARY 06, 2017

Applies to:

Oracle Knowledge - Version 8.4.7 and later
Information in this document applies to any platform.

Symptoms

IM user (with $ or ^ special character in its password) can log onto IM Console but fails to log onto OOTB Infocenter with ESAPI IntrusionDetector error below:

...
4100069 [TP-Processor21] WARN InfoCenter:IntrusionDetector - [SECURITY FAILURE Anonymous:null@unknown -> /InfoCenter/IntrusionDetector] Invalid input: context=PASSWORD, type(UnicodeString3)=^[\p{L}\p{P}\p{Nd} ]+$, input=mySamplePa$^word
org.owasp.esapi.errors.ValidationException: PASSWORD: Invalid input. Please conform to regex ^[\p{L}\p{P}\p{Nd} ]+$ with a maximum length of 50
at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:145)
at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:161)
...

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms