Websphere 6.1, password recovery

by luca
0 comment

With Websphere, you can store passwords in config files in a crypted form.
The  encryption algorithm used is XOR, with a secret key.

You can use the same java classes Wepshere internally use to manually crypt/decrypt a text string. Those classes are in ws_runtime.jar file, which you can find in Websphere installation path:

Move to the folder where ws_runtime.jar is located and run the classes from the package com.ibm.ws.security.util

  • PasswordEncoder, to encode
  • PasswordDecoder, to decode

including the jar in the classpath, for example:

java -cp ws_runtime.jar com.ibm.ws.security.util.PasswordEncoder <plain_password>
java -cp ws_runtime.jar com.ibm.ws.security.util.PasswordDecoder <encrypted_password>

I found also a useful website that decodes Websphere passwords:

Related Posts

Leave a Comment

sixteen + 6 =