My Oracle Support Banner

MSS 6.3.1 | MetaSolv Dumps Password Into Appserverlog.xml When A User Account Already Exists In Database (Doc ID 2946277.1)

Last updated on MAY 11, 2023

Applies to:

Oracle Communications MetaSolv Solution - Version 6.3.1 and later
Information in this document applies to any platform.

Symptoms

On : 6.3.1 version, Security Issue
========================

Actual Behavior: 
When creating a new user in MSS, if the user already exists in database  , MetaSolv Solution dumps the user password into the appserverlog.xml file. This is a security and SOX issue.
 

Expected Behavior :

MSS should never log ANY password for ANY reason.

Steps
======
1-Created a user TESTMAS in DB using the CREATE USER command.
2-Created the same user in MSS GUI and got below message.



3-Hit Yes .And user is created .

4-Try logging with the same user(TESTMAS) and I got the window to change the password of TESTMAS user. Changed the password and logged in with that .

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.