My Oracle Support Banner

The Token Value Is Disclosed In The GET URL When Accessing Convergence (Doc ID 2710996.1)

Last updated on MAY 12, 2021

Applies to:

Oracle Communications Convergence - Version 3.0.2 and later
Information in this document applies to any platform.

Symptoms


When accessing Convergence, the token value is disclosed in the GET URL.

The token value is created for authentication in the application and is used throughout the session.

For example, here is what is logged in the GF access log, during a login to Convergence:

Similarly, when using the Firefox debugger, the "token=PKHQRzQTfW" is exactly matched to what shows in the debugger for Convergence when viewing storage -> cookie -> Convergence.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.