ALERT Oracle Issue - You will receive an email if your instance has the security risk.

kenn10

Cloud Infrastructure
Oracle Cloud Infrastructure Identity - Rotate Credentials
Oracle Cloud Infrastructure Customer,
Oracle has identified security vulnerability CVE-2022-21503 that affected the Oracle Cloud Infrastructure (OCI) Identity service. As a result of this vulnerability, administrators and their designees with read-access to the OCI audit-records in your tenancy could have viewed some credentials in clear text. For this reason, several of your users' console UI passwords must be changed by July 18, 2022:
• When those users log in to the OCI console, the login process will prompt them to change their console passwords.
• If any of those users does not log in to the OCI console by July 18, 2022, that user's console password will expire.
• Once a user's console password has expired, that user cannot log in. The user can either reset that console password (if the user has a verified email-address) or ask an administrator to reset the user's console password.
• Once an expired console password has been reset, the user can log in to the OCI console and the login process will prompt the user to change the console password.


How do I find the console passwords that must be changed?

To find which credentials your users must change, use Cloud Shell in the Oracle Cloud Admin Console to run the tool that Oracle has provided. You can rerun this tool periodically to track your progress in rotating affected credentials. The benefit of using Cloud Shell is that Cloud Shell comes packaged with the necessary Python interpreter and dependencies required to run the script. Cloud Shell also performs authentication with no extra configuration.
• Most administrators already have the necessary permissions to access Cloud Shell. They can click the Cloud Shell icon and type the command, "identity-audit-tool."
• If you have not already set up Cloud Shell, see the topic entitled "Using Cloud Shell" in the public documentation: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cloudshellgettingstarted.htm. Follow those instructions before running the command.

The identity-audit-tool command scans your OCI tenancy for credentials that you must rotate and gives the following results:
• If the tool encounters an error, the tool displays output that describes the error.
• If the tool finds no credential that you must rotate, it prints one line: "Found no affected credential."
• If the tool finds at least one credential that you must rotate, the tool prints a line of output for each credential that you must rotate. The tool also writes output to a comma-separated-value (CSV) file called "audit.csv." NOTE: The tool will overwrite any file named "audit.csv" in your home directory in CloudShell. The CSV file might be more convenient for analysis or for automated remediation. That CSV file contains a line of output for each credential that you must rotate. Each line of output includes values for the credential ID, credential type, credential status, user name, user OCID, and created date.

If the script indicates that an audit report was written, you can download the output file "audit.csv" from Cloud Shell with the following steps:
• From the Cloud Shell menu, click Download.
• When the dialog box labeled "Download File" appears, enter the filename, such as "audit.csv." Click the Download button.
• When the File Transfers dialog indicates that the download of audit.csv is complete, you can use that file locally.
Action Required
Action Required By: July 18, 2022 00:00 UTC
Service(s): Oracle Cloud Infrastructure Identity
Tenant Name:
What should I do if I am still having an issue?
Please contact support to create a Service Request and provide the Reference Number and Tenant ID shown below.
Reference Number: CN-734160
Tenant ID:

Visit the OCI Service Health Dashboard for current status information and to subscribe to notifications about interruptions to services in your region.
Oracle Cloud Infrastructure
This is a system generated message. Do not reply to this message. You are receiving this email as a result of your current relationship with Oracle Cloud. General marketing opt-out preferences have been overridden to ensure that you receive this email.
Copyright 2022, Oracle and/or its affiliates. All rights reserved.
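
Added example (not part of the Oracle notice or of Oracle's tool): because the tool overwrites audit.csv on every run, keeping a copy of an earlier report lets you compare it with the latest one to track progress. The column order follows the notice; the absence of a header row, the function names and all sample values are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Column order as listed in the notice; "no header row" is an assumption.
FIELDS = ["credential_id", "credential_type", "credential_status",
          "user_name", "user_ocid", "created_date"]

def load_report(text):
    """Parse one audit.csv snapshot into {credential_id: row}."""
    report = {}
    for raw in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        row = {k: (raw.get(k) or "").strip() for k in FIELDS}
        if row["credential_id"]:
            report[row["credential_id"]] = row
    return report

def rotation_progress(previous_text, current_text):
    """Compare an earlier snapshot with the latest one by credential ID."""
    prev, curr = load_report(previous_text), load_report(current_text)
    remaining = defaultdict(list)
    for cid, row in curr.items():
        remaining[row["user_name"]].append((row["credential_type"], cid))
    return {
        # Listed before, not listed now.
        "no_longer_listed": sorted(set(prev) - set(curr)),
        # Still listed, grouped by user for follow-up.
        "remaining_by_user": {u: sorted(c) for u, c in sorted(remaining.items())},
        # Listed now but absent from the earlier copy.
        "newly_listed": sorted(set(curr) - set(prev)),
    }

# Constructed sample snapshots (not real tool output).
PREVIOUS = """\
cred-0001,console-password,ACTIVE,alice@example.com,ocid1.user.oc1..example-alice,2021-03-04
cred-0002,console-password,ACTIVE,bob@example.com,ocid1.user.oc1..example-bob,2021-06-10
cred-0003,console-password,ACTIVE,carol@example.com,ocid1.user.oc1..example-carol,2022-01-15
"""
CURRENT = """\
cred-0002,console-password,ACTIVE,bob@example.com,ocid1.user.oc1..example-bob,2021-06-10
cred-0003,console-password,ACTIVE,carol@example.com,ocid1.user.oc1..example-carol,2022-01-15
"""

if __name__ == "__main__":
    result = rotation_progress(PREVIOUS, CURRENT)
    print("No longer listed:", result["no_longer_listed"])
    for user, creds in result["remaining_by_user"].items():
        print(f"{user}: {len(creds)} credential(s) still listed")
```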