All you need to know about WebSphere Passwords is in this Infocenter Note.
In a word, WebSphere encodes passwords and store the encoded value in some XML file. The application server includes an encoder, but the decoder is on you. This encoding is not considered an appropriate password protection technique and there are several ways to hack this.
JAAS encoded password are stored here:
profile_root/config/cells/cell_name/security.xml
The full list of credentials and related XML files is listed in the first link of this answer.