How to Decrypt Oracle EBS User Passwords from the Database using SQL QUERY

-

Oracle stores passwords in encrypted format, and this SQL script demonstrates how you can decrypt user passwords using standard EBS API functions such as get_pwd.decrypt.

Important Note: This script is for educational and internal system diagnostics only. Never use it in production environments without proper security authorization.

Use Case

This SQL is particularly useful for:

  • Testing internal password decryption functionality

  • Validating password migrations during EBS clone or refresh

  • Technical support or audit trails in development/test environments

SQL Query:

    SELECT usr.user_name,

       get_pwd.decrypt

          ((SELECT (SELECT get_pwd.decrypt

                              (fnd_web_sec.get_guest_username_pwd,

                               usertable.encrypted_foundation_password

                              )

                      FROM DUAL) AS apps_password

    --add another columns if needed

              FROM fnd_user usertable

             WHERE usertable.user_name =

                      (SELECT SUBSTR

                                  (fnd_web_sec.get_guest_username_pwd,

                                   1,

                                     INSTR

                                          (fnd_web_sec.get_guest_username_pwd,

                                           '/'

                                          )

                                   - 1

                                  )

                         FROM DUAL)),

           usr.encrypted_user_password

          ) PASSWORD

-- Add another tables if needed

FROM fnd_user usr

WHERE LOWER(usr.user_name) LIKE LOWER('GIVE_USERNAME_HERE');


How It Works

  • fnd_web_sec.get_guest_username_pwd retrieves the guest user’s credentials (e.g., GUEST/ORACLE).

  • The script extracts the GUEST user from that string.

  • Then, using get_pwd.decrypt, it decrypts the foundation password of the guest user.

  • Finally, it decrypts the password of the target user.

Security Disclaimer

  • This query must never be used on a live production instance without proper authorization. Passwords should remain encrypted for security compliance. This technique should be limited to sandbox or internal testing systems.

Location: Hyderabad, Telangana, India

Comments

Post a Comment

Popular posts from this blog

Query to find Responsibility and Request Group from Concurrent Program

-
 In this blog, we’ll break down a query that helps you trace a specific Concurrent Program through its Application , Request Group , and associated Responsibilities in Oracle EBS R12 Objective The goal of this query is to find: The User-Friendly Name of a Concurrent Program The Technical Concurrent Program Name The Application to which it belongs The Request Group under which it is registered The Responsibility that grants access to it This is especially useful for ensuring correct program registration or for debugging access issues. SQL Query:      SELECT DISTINCT      fcpl.user_concurrent_program_name,     fcp.concurrent_program_name,     fapp.application_name,     frg.request_group_name,     fnrtl.responsibility_name FROM      apps.fnd_request_groups         frg,     apps.fnd_application_tl         fapp,   ...
Read more »»»»

How to Extract User Role Details with SQL in Oracle Fusion

-
When working with Oracle HCM / Fusion Applications , administrators and developers often need to fetch details about users, their assigned roles, and their effective dates. This helps in audits, access reviews, and troubleshooting authorization issues. In this post, we’ll walk through a SQL query that retrieves user-role information from Oracle HCM tables. SQL Query:                          SELECT     pus.user_id             "User ID",     pus.username            "Username",     ppnaf.full_name         "Full Name",     prdn.role_common_name   "Role Common Name",     prdtl.role_name         "Role Name",     to_char(purs.start_date, 'DD-MON-YYYY') "Role Start Date",     to_char(purs.end_date, 'DD-MON-YYYY')   "...
Read more »»»»

3 Way PO Matching SQL Query in Oracle Fusion: Purchase Order, Receipt, and Invoice Reconciliation

-
3 Way Matching SQL Query in Oracle Fusion: Purchase Order, Receipt, and Invoice Reconciliation In any procurement system, ensuring the accuracy of supplier payments is critical. One of the most robust methods for validating supplier invoices is the 3-way matching process. This blog breaks down the 3-way matching concept in Oracle E-Business Suite (EBS) or Oracle Fusion, explains its benefits, and presents a detailed SQL query that helps extract and reconcile PO, Receipt, and Invoice data. What is 3-Way Matching ? 3-Way Matching is a process that compares the following three documents before payment is released: Purchase Order (PO) – What you ordered Receipt – What you received Invoice – What the supplier billed This comparison ensures that you only pay for goods that were ordered and received , avoiding overpayments, duplicates, and fraud. Matching Criteria   Element              PO      Receipt  ...
Read more »»»»