Password History Rule not Honored - Allows to Change Password to one Used Within the Last Nine Changes (Doc ID 2000237.1)

Last updated on JULY 20, 2024

Applies to:

Symptoms

After resetting a user's password, the user is allowed to change his/her password to one used within the prohibited password history.
Expected: After resetting a user's password, the user should not be allowed to change his/her password to one used within the prohibited password history.

STEPS
-------
The issue can be reproduced at will with the following steps:
1) Log in using current password “Password1”

a. Go to Configuration & Administration > Preferences > Change Password
b. Change Password to “Password2”
c. Go to Configuration & Administration > Preferences > Change Password
d. Try to change password to “Password1”
e. Note the error message saying you cannot use any of the last 9 passwords

2) Log in to reset user’s password as CHANGEME

a. Configuration & Administration > User Management > User Manager
b. Find your user
c. Update password fields to CHANGEME
d. Click Finished

3) Log in using current password “CHANGEME”

a. Enter old password = “CHANGEME”
b. Enter new password = “Password1”
c. Note there is no error message presented when I used a prior password

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.