Bootstrap FreeKB - IBM WebSphere - Encode password using PropFilePasswordEncoder
IBM WebSphere - Encode password using PropFilePasswordEncoder

Updated:   |  IBM WebSphere articles

Let's say you have your WebSphere admin password defined in plaintext in certain properties files, such as in the soap.client.props file.

com.ibm.SOAP.loginPassword=itsasecret

 

The PropFilePasswordEncoder.sh (Linux) or PropFilePasswordEncoder.bat (Windows) script can be used to XOR encode the password. Here is an example of how you would XOR encode the password in the soap.client.props file.

${WAS_INSTALL_ROOT}/profiles/your_profile/bin/PropFilePasswordEncoder.sh ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/soap.client.props com.ibm.SOAP.loginPassword

 

After the PropFilePasswordEncoder script completes, if you re-check the soap.client.props file, you should see something like this.

com.ibm.SOAP.loginPassword={xor}Gi16ABcdAApuAB=

 

It's important to recognize that this is "security through obsecurity", which is not real security at all. The XOR encoded password can easily be reverse engineered back it the original plain text password.

The following Java command can then be used to decode the XOR passwords into cleartext.

java -classpath /opt/WebSphere/AppServer/plugins/*:/opt/WebSphere/AppServer/lib/* com.ibm.ws.security.util.PasswordDecoder {xor}Gi16ABcdAApuAB=

 

Which should return something like this.

encoded password == "{xor}Gi16ABcdAApuAB=", decoded password == "itsasecret"

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter e22608 in the box below so that we can be sure you are a human.