Last updated on SEPTEMBER 18, 2017
Applies to:Oracle Utilities Customer Care and Billing - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
1. While using the CCB 188.8.131.52.0 in the current Product design, the passwords for the users need to be changed by the administrator . Since all the passwords for all the users are known to the administrator, he can login to any user account and perform any of the activities on that specific name which can't be identified.
Another vulnerability is that the passwords are shared through the emails to the users.
It is expected for the password to be changed by the administrator but to be a temporary password . When the user logs in with the temporary password he will be prompted for the temporary password and new password for his account.
The final password can be provided in this case only by the user as per the password policy [like 8 character +numeric character].
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms