The security.xml file, such as /opt/WebSphere/AppServer/profiles/your_profile/config/cells/your_cell/security.xml, contains "xor" encrypted passwords, like this.

serverPassword="{xor}Gi58JSwfODJuFQ=="
bindPassword="{xor}CmcYbTc1aSVvJy5tEmc="

The following Java command can then be used to decode the "xor" passwords into cleartext.

java -classpath /opt/WebSphere/AppServer/plugins/*:/opt/WebSphere/AppServer/lib/* com.ibm.ws.security.util.PasswordDecoder {xor}NissPiw6PC06Kw==

Which should return something like this.

encoded password == "{xor}Gi16ABcdAApuAB=", decoded password == "itsasecret"

Likewise, you can also encode a string to XOR.

java -classpath /opt/WebSphere/AppServer/plugins/*:/opt/WebSphere/AppServer/lib/* com.ibm.ws.security.util.PasswordEncoder itsasecret

Which should return something like this.

decoded password == "itsasecret", encoded password == "{xor}NissPiw6PC06Kw=="