User Is Able To Login To System With Old Password If The Services Are Offline After Password Change

(Doc ID 2350209.1)

Last updated on JANUARY 19, 2018

Applies to:

Oracle Retail Point-of-Service - Version 14.1.2 and later
Information in this document applies to any platform.

Symptoms

In Oracle Retail Point-of-Service (ORPOS) 14.1.2 version, user is able to login to system with old password if the services are offline after password change.

The issue can be reproduced at will with the following steps:

1. Verify that all services are up and running;
2. Now click on POS button and then "Change Password" button;
3. Enter valid user ID, current password, provide new passwords and save.(User: navinc, oldpwd:navin1234,newpwd:navin12345);
4. The new password will be saved and user will be logged into POS;
5. Here try doing one sale with new password then logout from POS;
6. Stop the FLPOSServices (stop server);
7. Now try to login to POS with above user with the new password.

Result : POS allows user to login with old password.

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms