My Oracle Support Banner

iSupport: Reset Password Fails to Verify the Existing Password (Doc ID 1052887.1)

Last updated on JULY 14, 2020

Applies to:

Oracle iSupport - Version 11.5.10 and later
Information in this document applies to any platform.


On iSupport,
Find that users attempting to change their password are not prompted to enter the existing password.
This is causing security issues.

Expected password changes is that the user first enters the existing password then enters the new password twice.

The issue can be reproduced at will with the following steps:
1. (R) iSupport
2. User Profile > Personal Profile > Reset password.
3. Enter New password
4. Renter New Password
5. Update : Obtain a Confirmation: 'Password has been changed'

The issue has the following business impact:
Users are exposed to security issues. The password can be changed by any body on an unattended terminal.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.