My Oracle Support Banner

Passwords Are Not Encyptyed In OUTA (Doc ID 2741265.1)

Last updated on JANUARY 05, 2021

Applies to:

Oracle Utilities Testing Accelerator - Version 6.0.0.2.0 and later
Information in this document applies to any platform.

Goal

On : OUTA 6.0.0.2.0 version,

Passwords are not encrypted in OUTA  

When viewing logs from OUTA, the user name and password is visible for all to view causing many security charges.

We are running it with Send Password as text set to true otherwise get error when we run the scripts:  

ERROR
-----------------------
“Error on verifying message against security policy Error code”  


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. In order to run scripts, the user needs to have permission to log in the CCB, MDM applications and databases.  
2. Those network credentials are set in a user configuration.  
3. It is encrypted in the user config, but the script won’t run unless the setting “send password as plain text” is set to true.  
4. At that point, the plain text password gets stored in the log file of the script.  So, anyone view the history of the script, open the logfile and see whoever ran the script’s password.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.