Here is a small How To in order to reset the Admin User "weblogic" password.
1st Step: Stop your Weblogic Server, if it's running
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/bin oracle@server>./stopWebLogic.sh <your_server>
2nd Step: Source the necessary environment variables for your WebLogic Server
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/bin oracle@server>./setDomainEnv.sh
3rd Step: Creation of a new WebLogic Server Admin User
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/security # the first value after the command "java weblogic.security.utils.AdminAccount" # is the new username # the second value is the password for the new Admin User # IMPORTANT !!! After the password value you must place a "." (dot) !!!! # This command will update the DefaultAuthenticatorInit.ldift # configuration file oracle@server>java weblogic.security.utils.AdminAccount myadmin oracle11g .4th Step: Delete the file DefaultAuthenticatormyrealmInit.initialized
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/servers/AdminServer/data/ldap oracle@server>rm DefaultAuthenticatormyrealmInit.initialized
5th Step: Startup the WebLogic Server
# Depending if you are using a boot.properties file # you must choose between the two following options # a) Without boot.properties configuration file oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/bin oracle@server> ./startWebLogic.sh <your_domain> # Here you will be prompted for your WebLogic Server Admin User and his Password # Use now your newly created Admin User # b) With a configured boot.properties configuration file # Remove your boot.properties configuration file oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/servers/AdminServer/security oracle@server>rm boot.properties # Startup your WebLogic Server oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/bin oracle@server> ./startWebLogic.sh # Here you will be prompted for your WebLogic Server Admin User and his Password # Use now your newly created Admin User
For the above mentioned two options see my Blog Post http://dirknachbar.blogspot.com/2009/08/security-hole-in-fusion-middleware-11g.html
6th Step: Login to your WebLogic Server Console with your newly created Admin User and change the password of the original WebLogic Server Admin User "weblogic"
# Navigate to "Security Realms"
# There you'll see two Admin Users: weblogic and your newly created Admin User
# Change the password of the user weblogic
7th Step (optionally): If you was using a boot.properties configuration file before, you must recreate it with the new values for the Admin User and the reseted password
Additional Note (26.01.2011): Please be aware that the above described procedure is NOT working with a database security store !!! (Thanks for the input from Nazir, see comments below)