As horrible as can be, but unfortunately IBM does not really hash their passwords in, for example, Security.xml.

Did you forget your keystore or DB password?

Don't sweat it, just copy the {xor} string and head over to:

http://www.sysman.nl/wasdecoder/

You can also do it on the server with the WAS installation.

/opt/ibm/AppServer/java/bin> ./java -cp ../../bin/ProfileManagement/plugins/com.ibm.websphere.v61_6.1.200/ws_runtime.jar com.ibm.ws.security.util.PasswordDecoder {xor}CDo9Hgw=

Result:
encoded password == "{xor}CDo9Hgw=", decoded password == "WebAS"

Please consider supporting my efforts.

Amount: 

Friday the 19th. Wasen.net.