Quite a long ago, I did post about decrypting jazn passwords, which came pretty handy for most of time including when I, myself forgot the passwords.
Here is some advance version, do email me if you figure it out:
Let's say, for sake of simplicity if you have 10g or 11g SOA installed on Unix box with unix oracle user.
a) If you happen to have only weblogic (or oc4jadmin) password to login to Web console. Is it possible to gain unix shell access (with oracle user) and also all database schema (and jms) passwords configured in app server?
b) If you happen to have unix shell access (with oracle user), can you gain access to weblogic or oc4j console and all db/jms password?
Answer to all questions is yes, the real question is how..