Vulnerability Note VU#350350
BEA WebLogic Server stores administrator password in clear text in config.xml
BEA WebLogic Server stores the administrator password used to boot the server in clear text within the config.xml file.
BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java applications." There is a vulnerability in the way BEA WebLogic Server stores the administrative password used to boot the server.
According to the BEA Security Advisory,
A user with access to the config.xml file may acquire the administrator password used to boot the server. The user could subsequently use this password to impersonate an administrator.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| BEA Systems Inc. | Affected | - | 12 Apr 2004 |
This vulnerability was reported by BEA Systems Inc.
This document was written by Lucy Crocker.
- CVE IDs: Unknown
- Date Public: 27 Jan 2004
- Date First Published: 12 Apr 2004
- Date Last Updated: 14 Apr 2004
- Severity Metric: 7.24
- Document Revision: 10