Login Assistance Shows SQL Errorstack When Invalid Username Used
(Doc ID 2656935.1)
Last updated on DECEMBER 08, 2022
Applies to:
Oracle User Management - Version 12.2.4 and later
Information in this document applies to any platform.
Goal
When a username is entered to reset a password, one of two different messages is presented, depending on whether the entered username is valid. Valid usernames generate a message that an email is being sent. Invalid usernames generate the following error stack:
Message not found. Application: FND, Message Name:
UMX_LOGIN_HELP_UNEXPECTED_ERROR.
java.sql.SQLException: ORA-01403: no data found ORA-06512: at
"APPS.UMX_LOGIN_HELP_PVT", line 619 ORA-06512: at "APPS.UMX_LOGIN_HELP_PVT",
line 727 ORA-06512: at line 1
This behavior effectively tells anyone attempting to breach the system when they have guessed a valid username. The expected behavior is that a generic, consistent message is presented regardless of the value passed as the username.
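The response discrepancy described above, next to the expected uniform behavior, as an added Python example (not Oracle's code and not part of the original note). The user table, function names and reply text are constructed for illustration, and `NoDataFound` stands in for ORA-01403:

```python
import logging

log = logging.getLogger("login_help")

# Constructed sample data standing in for the user table (hypothetical).
USERS = {"JSMITH": "jsmith@example.com"}
OUTBOX = []  # reset mails queued for delivery
GENERIC_REPLY = "If the account exists, password reset instructions have been sent."


class NoDataFound(Exception):
    """Stand-in for ORA-01403, raised when a lookup matches no row."""


def lookup_email(username):
    """Return the mail address for a username, or raise NoDataFound."""
    try:
        return USERS[username.upper()]
    except KeyError:
        raise NoDataFound("ORA-01403: no data found") from None


def reset_leaky(username):
    """Behavior described in the note: the lookup error reaches the client."""
    try:
        lookup_email(username)
        return "An email is being sent."
    except NoDataFound as exc:
        return f"java.sql.SQLException: {exc}"  # constructed imitation of the stack


def reset_uniform(username):
    """Expected behavior: one reply for every username, details kept server-side."""
    try:
        OUTBOX.append(lookup_email(username))  # mail is queued for real accounts only
    except NoDataFound:
        log.info("password reset requested for unknown user")  # never echoed back
    return GENERIC_REPLY


def reveals_account_existence(handler, known_user, bogus_user):
    """Regression check: True if replies differ between a valid and an invalid name."""
    return handler(known_user) != handler(bogus_user)
```

Running `reveals_account_existence` against the reset endpoint after patching gives a repeatable check that valid and invalid usernames produce the same response.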
Solution
To view full details, sign in with your My Oracle Support account.