MSS 6.3.1 | MetaSolv Dumps Password Into Appserverlog.xml When A User Account Already Exists In Database
(Doc ID 2946277.1)
Last updated on MAY 11, 2023
Applies to:
Oracle Communications MetaSolv Solution - Version 6.3.1 and laterInformation in this document applies to any platform.
Symptoms
On : 6.3.1 version, Security Issue
========================
Actual Behavior:
When creating a new user in MSS, if the user already exists in database , MetaSolv Solution dumps the user password into the appserverlog.xml file. This is a security and SOX issue.
Expected Behavior :
MSS should never log ANY password for ANY reason.
Steps
======
1-Created a user TESTMAS in DB using the CREATE USER command.
2-Created the same user in MSS GUI and got below message.
3-Hit Yes .And user is created .
4-Try logging with the same user(TESTMAS) and I got the window to change the password of TESTMAS user. Changed the password and logged in with that .
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |