Password History Rule not Honored - Allows to Change Password to one Used Within the Last Nine Changes
(Doc ID 2000237.1)
Last updated on MAY 06, 2022
Applies to: Oracle Transportation Management - Version 6.2.0 and later
Information in this document applies to any platform.
After resetting a user's password, the user is allowed to change his/her password to one used within the prohibited password history.
Expected: After resetting a user's password, the user should not be allowed to change his/her password to one used within the prohibited password history.
The issue can be reproduced at will with the following steps:
1) Log in using current password “Password1”
a. Go to Configuration & Administration > Preferences > Change Password
b. Change Password to “Password2”
c. Go to Configuration & Administration > Preferences > Change Password
d. Try to change password to “Password1”
e. Note the error message saying you cannot use any of the last 9 passwords
2) Log in to reset user’s password as CHANGEME
a. Configuration & Administration > User Management > User Manager
b. Find your user
c. Update password fields to CHANGEME
d. Click Finished
3) Log in using current password “CHANGEME”
a. Enter old password = “CHANGEME”
b. Enter new password = “Password1”
c. Note there is no error message presented when I used a prior password
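The expected behavior from the steps above, written as a small reference model that can serve as a regression check. This is an added example, not Oracle Transportation Management code. The `Account` class, the PBKDF2 storage, and the choice to count the current and administrator-set passwords in the nine-entry history are all assumptions.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_DEPTH = 9  # the page's error message refers to the last 9 passwords

class PasswordReuseError(ValueError):
    pass

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password):
        # Assumption: history = current password plus earlier ones, newest last.
        self._history = deque(maxlen=HISTORY_DEPTH)
        self._store(password)

    def _store(self, password):
        salt = os.urandom(16)
        self._history.append((salt, _digest(password, salt)))

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(_digest(password, salt), digest)

    def change_password(self, old, new):
        if not self._matches(old, self._history[-1]):
            raise PermissionError("old password is incorrect")
        if any(self._matches(new, e) for e in self._history):
            raise PasswordReuseError("password is in the prohibited history")
        self._store(new)

    def admin_reset(self, temporary):
        # A reset appends the temporary password; it never clears the history.
        self._store(temporary)

def is_blocked(account, old, new):
    try:
        account.change_password(old, new)
    except PasswordReuseError:
        return True
    return False

def replay_reported_steps():
    account = Account("Password1")
    account.change_password("Password1", "Password2")             # steps 1a-1b
    step_1d = is_blocked(account, "Password2", "Password1")       # steps 1c-1e
    account.admin_reset("CHANGEME")                               # step 2
    step_3 = is_blocked(account, "CHANGEME", "Password1")         # step 3
    return step_1d, step_3
```

Both returned values are `True` in this model; the behavior reported in this document corresponds to the second value being `False`.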