Passwords Are Not Encyptyed In OUTA
(Doc ID 2741265.1)
Last updated on JUNE 03, 2024
Applies to:
Oracle Utilities Testing Accelerator - Version 6.0.0.2.0 and laterInformation in this document applies to any platform.
Goal
On : OUTA 6.0.0.2.0 version,
Passwords are not encrypted in OUTA
When viewing logs from OUTA, the user name and password is visible for all to view causing many security charges.
We are running it with Send Password as text set to true otherwise get error when we run the scripts:
ERROR
-----------------------
“Error on verifying message against security policy Error code”
STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. In order to run scripts, the user needs to have permission to log in the CCB, MDM applications and databases.
2. Those network credentials are set in a user configuration.
3. It is encrypted in the user config, but the script won’t run unless the setting “send password as plain text” is set to true.
4. At that point, the plain text password gets stored in the log file of the script. So, anyone view the history of the script, open the logfile and see whoever ran the script’s password.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| References |