Toad World® Forums

Password change bug

I recently attempted to change my password. Toad knows the existing PW, fills that in, I put in my new PW twice, clicked OK, and got an error from Oracle that I had to change 3 characters.

OK, no problem, I reopen the PW change screen, old PW pre filled in, put in a new PW that changes 3 characters, and hit OK, get error that the PW is invalid from Oracle.

OK, so I think the PW filled in by toad is the new one that I attempted to change but Oracle had an error with.

So I reopen the PW screen, change the pre filled in PW to my old PW, put in my new PW and hit OK, and now I get an error from TOAD that the old PW is not correct.

Please allow the old PW to be different from what TOAD thinks is the correct PW and/or check for errors before updating it.

OK, so I think the PW filled in by toad is the new one that I attempted to change but Oracle had an error with.

Yup, that’s what was happening. I don’t have any password complexity rules set up but I was able to reproduce it by putting in a password that is greater than 30 characters long.

I’ve made a couple of changes.

  1. If the password change fails, the window will stay open (you can try again or cancel)

  2. If you close the window after a failed attempt of changing the password, we won’t remember what you first tried to change it to.

Perfect. Thank you for the quick response and fix.

Now I have to wait for my company to approve the new version, so I’ll probably be dealing with this for a year or so…

I have found a workaround: close the session and re-login, it will accept the PW if the database does, and then you can try to change it again with a password that meets the rules.

You’re welcome. There is always 'alter user identified by ’ in the editor…

I am having the same problem. I do not understand your answer. What did you make changes to?

The changes that I was referring to in my prior reply were in the dialog that comes up when you click (from the main menu) Session -> Change Password.

This is in the current 12.10 beta.

Thanks. For security reasons is there a way to keep Toad from loading the old password into the old password field when you do a Change Password?

From: John Dorlon [mailto:bounce-jdorlon@toadworld.com]

Sent: Thursday, August 25, 2016 2:53 PM

To: toadoracle@toadworld.com

Subject: RE: [Toad for Oracle - Discussion Forum] Password change bug

RE: Password change bug

Reply by John Dorlon

The changes that I was referring to in my prior reply were in the dialog that comes up when you click (from the main menu) Session -> Change Password.

This is in the current 12.10 beta.

To reply, please reply-all to this email.

Stop receiving emails on this subject.

Or
Unsubscribe from Toad for Oracle Forum
notifications altogether.

Toad for Oracle - Discussion Forum

Flag
this post as spam/abuse.

There is not, but it isn’t really a security risk. It’s impossible to copy/paste the password out of there, and Oracle doesn’t require a re-entry of the old password to change it. So a user could just as easily go to the Editor and type in 'alter user identified by ; The only reason that we have a field for it is that in a few cases with proxy connections, we have to make a new connection to make the change.

This is incorrect. When password change failed due to specific application rules, I received and error message pop-up. There is no way to close the error pop-pup without closing the password change pop-up. At this point, the login manager already saved the new failed password over the original proper password. I have to disconnect the session and reconnect with the correct password again.
Any help will be appreciated.

Hi i-fan.l.kramer,

I tried to reproduce this using the latest version of Toad (13.3) and could not.

Please give exact steps to reproduce your problem, and let me know which version of Toad you are using.

-John

I am using 12.5.1.1 Xpert version.

When I use the change password option under the Session menu. The password change pop-up auto fills in my current saved password. If the new password I put
in is rejected by the application, it will pop-up an error message. The error message pop-up has to be closed before I can proceed to put in a different new password. But closing the error message window will close the password change pop-up at the same
time. At this point Toad changed and saved my passwod which disable the session as password is no long valid for the session. I have to disconnect and reconnect a new session in order to proceed.

Ah, 12.5, that explains it. Look up a few posts and you'll see that it was fixed in 12.10.

-John

Never mind. I found it.