3 Replies Latest reply: Nov 26, 2013 9:04 AM by Christian Neumueller-Oracle RSS

    Oracle APEX Change Password Functionality Error

    Austin_G

      Hi All,

       

      Application Express Version #: 4.2.0.00.27

       

      We’ve recently encountered an error in the Oracle APEX Change Password functionality. 

       

      We’ve found the following:

      1. when a user is prompted to change their password (because it has expired)  and they enter their new details. 
      2. When they hit the [Return] button the APEX Designer login screen is displayed (/apex/f?p=4550). The screen that displays the fields to allow a developer to enter the; Workspace Name, User Name and Password.

       

      This is a security issue for us, as our application is used by external clients.

      We performed initial investigations and thought this issue may occurred when the APEX  Application Build status is  Run And Build Application, and the user is prompted to change their password. In this scenario if the user enters the new password details and selects the [Return] button the APEX Designer screen is displayed.

      We’ve found that an external client received the APEX Designer login screen after changing the password when the APEX Application Build Status was Run Application Only.

      Can someone provide some help to resolve this issue.

       

      Many Thanks in advance.

       

      Austin