Using XPSConfig to change Admin Password results in clear text passwords in sm.registry

Document ID : KB000054405
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Passwords are stored in clear text when using XPSConfig for AdminPasswords changings.

Example:
Changing DbLogAdminPassword leads to clear text password value in:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Log\Password

Solution:

Passwords should be further set and changed by using SiteMinder Policy Server Management Console.

Starting with r12 SP1 CR4, XPSConfig utility will store passwords as RC2 encrypted values, too in sm.registry.