We are currently using ALM with SSL/HTTPS and have indicated the keystore password down in  the jetty-ssl.xml file using "clear text". Our security people want us to use the "obfuscated" form instead. How do we "obfuscate" our password to use in the ALM Jetty-ssl.xml  file?

Our Systems guys ran an enterprise  security audit and say we had a vulnerability (JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure) reported on one of our ALM servers. Have you encountered this before and have any recommendations for resolution?