Vulnerability: Unprotected Credentials found in Installation log

Article ID: 217536

Products

Service Virtualization
CA Application Test

Issue/Introduction

Passwords in the installation.log file are not encrypted and are plainly visible.

We have recently purchased/installed DevTest 10.6 and our security team has shared the below findings:

During the penetration test, the configuration files on our server were examined.

In the examination, it is seen that such passwords are stored encrypted in the files. However, in a document that was found to be a log file upon examination, this situation is in question.

It has been seen that it is not accessible because the password is kept open.

With the password obtained, it was possible to log in to the database.

Environment

Release : 10.6

Component : CA Service Virtualization

Cause

N/A

Resolution

This will be addressed in DevTest 10.7
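
Until the upgrade, an installation log can be checked for password entries and masked in place. The following is an added example, not Broadcom's code and not part of the original article; the key-name pattern and the sample log lines are assumptions, because the article does not show the format of installation.log.

```python
import os
import re
import stat

# Assumed key names: the article does not show the log format, so this matches
# generic "<name containing password/passwd/pwd> = value" or ": value" entries.
SECRET_LINE = re.compile(
    r"(?i)^(?P<prefix>.*?\b[\w.\-]*(?:password|passwd|pwd)[\w.\-]*\s*[=:]\s*)"
    r"(?P<value>\S.*?)\s*$"
)
MASK = "********"

def redact_line(line):
    """Return (new_line, changed); masks the value of a password-like entry."""
    m = SECRET_LINE.match(line)
    if not m or m.group("value") == MASK:
        return line, False
    return m.group("prefix") + MASK, True

def redact_text(text):
    """Mask every password-like value; return (redacted_text, line_numbers_hit)."""
    out, hits = [], []
    for n, line in enumerate(text.splitlines(), start=1):
        new, changed = redact_line(line)
        out.append(new)
        if changed:
            hits.append(n)
    return "\n".join(out) + "\n", hits

def scrub_log(path):
    """Redact a log in place and make it owner-only; return the lines changed."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        redacted, hits = redact_text(fh.read())
    if hits:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(redacted)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # 0600; on Windows set ACLs instead
    return hits

# Constructed sample lines, not real DevTest output.
SAMPLE = (
    "INFO  Installer started\n"
    "db.url = jdbc:example://dbhost/registry\n"
    "db.user = devtest\n"
    "db.password = S3cr3t!\n"
    "INFO  Setting admin_pwd: hunter2\n"
    "INFO  Installation complete\n"
)
```

Masking the file does not help if it was already read, so the database password found in the log should also be changed.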
