PAM - java.sql.SQLException: ORA-01005: null password given; logon denied

book

Article ID: 142162

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The following issues started to occur with OracleDB users.
1. Unable to vault database accounts and synchronize in PAM
2. Unable to verify a few of the existing accounts, it accepts the password, shows unverified

Tomcat catalina.out reports following exception:
java.sql.SQLException: ORA-01005: null password given; logon denied

Cause

It is a known issue with Oracle JDBC Driver verion 12.1.0.2

Environment

Release : 3.x.x
Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

PAM bundles Oracle JDBC Driver 12.1.0.2 which is affected by a known issue when FIPS mode is enabled.
https://support.oracle.com/epmos/faces/DocumentDisplay?_adf.ctrl-state=13dl84ac07_4&id=2291445.1

* Note
This issue is even observed without FIPS enabled.

----------------8<--------------
CAUSE
When using the FIPS, the JDBC driver may report an ORA-01005 error when opening a connection.
This issue is reported in Bug 25034560 - 12.1.0.2 JDBC WITH BOUNCYCASTLE FIPS FAILS WITH ORA-1005, closed as
duplicate of unpublished Bug 26371973 - UNABLE TO CONNECT TO ORACLE DATABASE WHEN FIPS140-2 IS ENABLED.

SOLUTION
Apply Merge Patch: 26675580 on top of JDBC 12.1.0.2.
Merge Patch:26675494 also exists for JDBC 12.2.0.1.
As a workaround for this issue, use JDBC 12.1.0.1.0 instead of JDBC 12.1.0.2.0 as this issue has been determined in some
cases not to be reproducible with JDBC 12.1.0.1.0 .
.
REFERENCES
BUG:25034560 - 12.1.0.2 JDBC WITH BOUNCYCASTLE FIPS FAILS WITH ORA-1005; 12.1.0.1 WORKS
----------------8<--------------

This issue can be encountered if PAM servers or OracleDB has FIPS mode enabled.
This ojdbc7-12.1.0.2.jar needs to be replaced with ojdbc7-12.1.0.1.jar(older) or ojdbc7-12.2.0.1.jar(newer) to avoid this problem.

Additional Information

https://support.oracle.com/epmos/faces/DocumentDisplay?_adf.ctrl-state=13dl84ac07_4&id=2291445.1