Saturday, August 17, 2013

Don't mix and match your GUEST passwords

Continuing Security Week here: My Oracle Support note 602425.1 tells you what happens when you change the password for the GUEST account to all lowercase or mixed characters in R12. This type of situation reminds me of a time when we went to a single sign-on application but didn't test any permutations of accepted user passwords, so there was a range of symbols which went untested before release. When we made the switch to the new solution, it was in conjunction with a localization patch as well, so it was hard to understand what was causing a very small group of users not to be able to successfully log in to the EBS system. It wasn't until we did additional research, like enabling logs and asking specific questions about what was in their passwords (without actually getting the passwords, of course), that we realized the population having the problem all had special characters in their passwords and that the translation of the passwords from one system to another wasn't set up to allow the special characters until we could release a hot fix to the system.
