Password History Rule not Honored - Allows to Change Password to one Used Within the Last Nine Changes (Doc ID 2000237.1)

Last updated on SEPTEMBER 08, 2016

Applies to:

Oracle Transportation Management - Version 6.2.0 and later
Information in this document applies to any platform.

Symptoms

After resetting a user's password, the user is allowed to change his/her password to one used within the prohibited password history.
Expected: After resetting a user's password, the user should not be allowed to change his/her password to one used within the prohibited password history.

STEPS
-------
The issue can be reproduced at will with the following steps:
1) Log in using current password “Password1”

a. Go to Configuration & Administration > Preferences > Change Password
b. Change Password to “Password2”
c. Go to Configuration & Administration > Preferences > Change Password
d. Try to change password to “Password1”
e. Note the error message saying you cannot use any of the last 9 passwords

2) Log in to reset the user’s password to CHANGEME

a. Configuration & Administration > User Management > User Manager
b. Find your user
c. Update password fields to CHANGEME
d. Click Finished

3) Log in using current password “CHANGEME”

a. Enter old password = “CHANGEME”
b. Enter new password = “Password1”
c. Note there is no error message presented when I used a prior password
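
The expected behaviour described above, as an added example (not Oracle's code and not a statement of the defect's cause): a minimal Python model in which an administrator reset rotates the temporary password into the same history that a user-initiated change checks, so the reuse in step 3 is rejected just like the one in step 1. The class and function names, the PBKDF2 storage, and counting the current password among the nine are assumptions.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_DEPTH = 9  # the page's error message refers to the last 9 passwords


class PasswordHistory:
    """Hypothetical per-user credential record; history[0] is the current password."""

    def __init__(self, initial):
        self._salt = os.urandom(16)
        self._history = deque([self._digest(initial)], maxlen=HISTORY_DEPTH)

    def _digest(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def change_password(self, old, new):
        if not hmac.compare_digest(self._digest(old), self._history[0]):
            raise PermissionError("old password is incorrect")
        candidate = self._digest(new)
        if any(hmac.compare_digest(candidate, used) for used in self._history):
            raise ValueError(f"cannot reuse any of the last {HISTORY_DEPTH} passwords")
        self._history.appendleft(candidate)

    def admin_reset(self, temporary):
        # The reset rotates the temporary password into the same history and
        # never clears or bypasses it, so earlier passwords stay prohibited.
        self._history.appendleft(self._digest(temporary))


def reuse_rejected(user, old, new):
    """True if the change was refused because `new` is in the history."""
    try:
        user.change_password(old, new)
    except ValueError:
        return True
    return False


def replay_page_steps():
    """Steps 1-3 from the page, using the page's own sample passwords."""
    user = PasswordHistory("Password1")
    user.change_password("Password1", "Password2")                 # step 1b
    before_reset = reuse_rejected(user, "Password2", "Password1")  # step 1d
    user.admin_reset("CHANGEME")                                   # step 2c
    after_reset = reuse_rejected(user, "CHANGEME", "Password1")    # step 3b
    return before_reset, after_reset
```

Run against a fixed system, the same two checks (reuse before the reset, reuse after the reset) should both come back rejected; the symptom on this page corresponds to the second one being accepted.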

Cause
