Quickest way to decrypt passwords in Oracle WebLogic Server 12c

There are lots of scripts online that show you how to decrypt WebLogic passwords. Some work on different versions of the product but not others. Here's the simplest, most straightforward approach to decrypting passwords in Oracle WebLogic Server 12c.

This has been tested on Oracle WebLogic Server 12.1.3 and 12.2.1.

Location of AES Encrypted Passwords

Passwords are mainly located in configuration files here:

$DOMAIN_HOME/config/config.xml
$DOMAIN_HOME/config/jdbc/*.xml

Decrypt WebLogic Passwords

1. Get the password you would like to decrypt (in AES format). For example:

cd /u01/app/oracle/middleware/user_projects/domains/wl_domain/config
cat config.xml | grep AES

2. Run WLST:

cd /u01/app/oracle/middleware/oracle_common/common/bin
./wlst.sh

3. Set the domain and decrypt the password:

domain = "/u01/app/oracle/middleware/user_projects/domains/wl_domain"
service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
print encryption.decrypt("{AES}nFIptO4HdY8fxSgLjrS8ZNqsVlcB2zQZzYJQ9o7AbJU=")

Enter the domain name, and paste the entire {AES} password as shown.

Example

Quickest way to decrypt passwords in Oracle WebLogic Server 12c

Ahmed Aboulnaga

Ahmed Aboulnaga

Database: Rolling Password Change

Getting JPS-01050 when starting WebLogic (cannot open wallet)

WLST script to monitor WebLogic status, heap, JDBC, and JMS

Easy Fix For Quarkus 1.2.0 Native Build