Thoughts, ideas and solutions from a few EPM consultants.

Recover Lost Weblogic Password

The other day I was helping a client with changing their weblogic admin password since it had been misplaced. I started by using the steps outlined here, they work great by the way and if you have this issue in a single server environment I recommend using this link to reset your password. The environment I was working with is a distributed environment, as I would imagine most are. I finished they steps on the first server and went on to the second server. While in the second server I discovered there was a file that contained the EPM weblogic username and password in clear text (X:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\AdminServer\security\boot.properties). I then reverted the steps taken on the first server (always leave a path to go back) and started the Weblogic Admin Server. Once started I was able to test the credintals and sure enough it worked.

I have confirmed this with Justin who happens to be working with a Linux distributed environemnt that the file exists in clear text on linux as well.

My guess is this file is unused and can be deleted so maybe ill try doing that in my next install but this seems like security concern in that anyone with server access can view the password. Its one thing to be able to change the password with server access its another thing entirely to be able to see the current password.