The security.xml file, such as /opt/WebSphere/AppServer/profiles/your_profile/config/cells/your_cell/security.xml, contains "xor" encrypted passwords, like this.

serverPassword="{xor}Gi58JSwfODJuFQ=="
bindPassword="{xor}CmcYbTc1aSVvJy5tEmc="

The following Java command can then be used to decode the "xor" passwords into cleartext.

java -classpath /opt/WebSphere/AppServer/plugins/*:/opt/WebSphere/AppServer/lib/* com.ibm.ws.security.util.PasswordDecoder {xor}Gi16ABcdAApuAB=

Which should return something like this.

encoded password == "{xor}Gi16ABcdAApuAB=", decoded password == "Er%_HB_U1_@"