Enhanced Security Maximum Password Length Is Considered False When The Password Has Non-Ascii Characters

(Doc ID 2235000.1)

Last updated on JUNE 13, 2017

Applies to:

Oracle Agile Engineering Data Management - Version and later
Information in this document applies to any platform.


Find that when E6 users that decide to change their passwords using prt_mod_pwd (equivalent to menu Tools->Change Password) will run into warning message "Your password must consist of up to 20 characters!" with passwords of lenght The condition is that default parameter DTV-PWD-MAX-LEN GLOBAL I 20 is set, which will restrict the maximum allowed size of the password to 20 characters.

Expected Behavior:
Max characters size should reflect the maximum allowed number of characters in strings even if is used ascii or non-ascii characters in UTF-8 encoding.

What is working:
All parameters are functioning correctly and the whole functionality behind the process of changing password is working. Changing the password from an admin account from Manager->Permissions->User->Basic Data would actually allow to set the password §$%&/()=?´`°^*+'4q

The issue can be reproduced at will with the following steps:
1. Set default parameter DTV-PWD-MAX-LEN GLOBAL I 20 along with parameter DTV-PWD-ENC GLOBAL L y to enable enhanced security
2. Login into an account and use menu: Tools->Change Password to open the dialog window
3. Change your regular password to "§$%&/()=?´`°^*+'4q" - the count is 18 characters
4. Find warning message: Your password must consist of up to 20 characters!
5. Same warning would be generated for a password consisting of 11 non-ascii characters that would occupy 2 bytes instead of 1 each. E.g "ąęąęąęąęąęą"

Business Impact:
Users will be confused when they change their passwords because they count non-ascii characters the same as ascii.


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms