The Oracle Application Framework supports diagnostic and developer mode features that are intended to be enabled from developer or administrative interfaces. However, any user can manually enable either mode by setting the "OADiagnostic" or "OADeveloperMode" cookie to "1".
Enabling diagnostic mode causes the server to present a "Diagnostics" link at the top and bottom of every page, and an "About this page" link at the bottom. This can be performed on pages that do not require authentication.
For example, clicking on the "Diagnostics" link allows the user to enable a number of tracing and logging functions. Clicking on "About this page" presents environment and session information. The "profiles" tab in the "About this page" section allows access to a number of sensitive settings, including passwords and encryption/decryption keys.
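Because the modes are switched on by a client-supplied cookie, requests that carry one are visible to any front end that records the Cookie request header. The following detection sketch is an added example, not Oracle code or part of the original advisory; it assumes an Apache combined log with `"%{Cookie}i"` appended as the last field, and the sample log lines, paths and addresses are constructed.

```python
import re

# Cookie names and the enabling value come from the advisory text.
MODE_COOKIES = {"OADiagnostic", "OADeveloperMode"}
ENABLED = "1"

# Assumed layout: combined log format plus a final quoted Cookie field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookie>[^"]*)"$'
)

def parse_cookie_header(header):
    """Split a Cookie request header into (name, value) pairs, keeping duplicates."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def enabled_modes(header):
    """Return the sorted mode cookies that the client sent with the value "1"."""
    return sorted({n for n, v in parse_cookie_header(header)
                   if n in MODE_COOKIES and v == ENABLED})

def scan(lines):
    """Return one finding per request that carries an enabling cookie."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format; skip rather than guess
        modes = enabled_modes(m["cookie"])
        if modes:
            findings.append({"ip": m["ip"], "ts": m["ts"], "request": m["req"],
                             "status": int(m["status"]), "modes": modes})
    return findings

# Constructed sample input (documentation addresses, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /example/page HTTP/1.1" 200 512 "-" "ua" "session=abc"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /example/page HTTP/1.1" 200 900 "-" "ua" "OADiagnostic=1"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /example/page HTTP/1.1" 200 950 "-" "ua" "lang=en; OADeveloperMode=1; OADiagnostic=0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /example/page HTTP/1.1" 200 512 "-" "ua" "XOADiagnostic=1; OADiagnostic=10"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same `enabled_modes` check can back a reverse-proxy rule that strips or rejects these cookies on requests that do not come from an administrative network.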