The Token Value Is Disclosed In The GET URL When Accessing Convergence
(Doc ID 2710996.1)
Last updated on APRIL 03, 2024
Applies to:
Oracle Communications Convergence - Version 3.0.2 and laterInformation in this document applies to any platform.
Symptoms
When accessing Convergence, the token value is disclosed in the GET URL.
The token value is created for authentication in the application and is used throughout the session.
For example, here is what is logged in the GF access log, during a login to Convergence:
Similarly, when using the Firefox debugger, the "token=PKHQRzQTfW" is exactly matched to what shows in the debugger for Convergence when viewing storage -> cookie -> Convergence.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |