Where Are My Keys? 2025 Guide to Recovering Oracle WebLogic Admin Passwords

Written By Jeff Henkel

A few years back, I wrote this blog post about recovering a lost WebLogic Admin password.  As it turns out, in a recent attempt to reuse my own steps, I found that they no longer work on the latest versions of WebLogic, and so a new approach was needed.

 

Now, in Oracle’s defense, they do not want this to be easy, from a security perspective.  But, in the modern world, with changing staff at companies, various contractors and consultants accessing systems, and various vaults for password storage in play, sometimes passwords get lost. 

 

When that happens, having a proven way to recover a password, short of potentially reconfiguring an environment, can save a lot of time and effort.

 

So, in the case of WebLogic, the steps below should suffice.  All the below steps assume you are in a command-line utility (either LINUX/UNIX by default, or CMD for Windows) and have administrative privileges.  Also note that the commands below are relative with regards to pathing (i.e. the steps below use D:\ Oracle but will differ from system to system and OS to OS). 

 

The steps are as follows: 

1.     Navigate to D:\Oracle\Middleware\common\bin

2.     Run wlst.cmd or Run wlst.sh

3.     Once wlst has returned a prompt, you are now operating via its language, and the commands are:

a.     domain = "D:/Oracle/Middleware/user_projects/domains/EPMSystem"

b.     service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)

c.      Next you need to get the value for YOUR password or username (you can decrypt either) from the boot.properties file on the system:

                                               i.     Get the AES password value from the Boot.properties file at: D:\Oracle\Middleware\user_projects\domains\EPMSystem\servers\FoundationServices0\security.

                                              ii.     This value will have a “/” in the boot.properties file string as shown here:  {("{AES}deWtj7sWed/Hwek8Jbxdha+94M0cbEMThrdyZxtyo/="

                                            iii.     This “/” needs to be removed from the print command in step “e” or the command will fail.

d.     encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)

e.     print encryption.decrypt("{AES}deWtj7sWed/Hwek8Jbxdha+94M0cbEMThrdyZxtyo=")

                                               i.     As noted above, there is no slash in the AES key passed to wlst

 

Once you run the above commands, the wlst console will print out the unencrypted value of the password, or username, depending on the AES key provided.

 

So, now you know how to recover a lost WebLogic Admin Console password or username.  As always, if you are facing any EPM or Cloud Infrastructure questions or concerns, please reach out to iArch Solutions for assistance.  We’re always happy to help!

Jeff Henkel
Next

Oracle Cloud EPM AI Innovations: Enhancing Finance with AI and Machine Learning