BEA WebLogic Local Password Disclosure Vulnerability
BID:10133
Info
BEA WebLogic Local Password Disclosure Vulnerability
| Bugtraq ID: | 10133 |
| Class: | Design Error |
| CVE: |
CVE-2004-0652 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 13 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | This issue has been disclosed in the referenced vendor advisory. |
| Vulnerable: |
BEA Systems WebLogic Server for Win32 8.1 SP 2 BEA Systems WebLogic Server for Win32 8.1 SP 1 BEA Systems WebLogic Server for Win32 8.1 BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 2 BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 1 BEA Systems WebLogic Server for Win32 7.0 .0.1 BEA Systems WebLogic Server for Win32 7.0 SP 5 BEA Systems WebLogic Server for Win32 7.0 SP 4 BEA Systems WebLogic Server for Win32 7.0 SP 3 BEA Systems WebLogic Server for Win32 7.0 SP 2 BEA Systems WebLogic Server for Win32 7.0 SP 1 BEA Systems WebLogic Server for Win32 7.0 BEA Systems Weblogic Server 8.1 SP 2 BEA Systems Weblogic Server 8.1 SP 1 BEA Systems Weblogic Server 8.1 BEA Systems Weblogic Server 7.0 .0.1 SP 4 BEA Systems Weblogic Server 7.0 .0.1 SP 3 BEA Systems Weblogic Server 7.0 .0.1 SP 2 BEA Systems Weblogic Server 7.0 .0.1 SP 1 BEA Systems Weblogic Server 7.0 .0.1 BEA Systems Weblogic Server 7.0 SP 5 BEA Systems Weblogic Server 7.0 SP 4 BEA Systems Weblogic Server 7.0 SP 3 BEA Systems Weblogic Server 7.0 SP 2 BEA Systems Weblogic Server 7.0 SP 1 BEA Systems Weblogic Server 7.0 BEA Systems WebLogic Express for Win32 8.1 SP 2 BEA Systems WebLogic Express for Win32 8.1 SP 1 BEA Systems WebLogic Express for Win32 8.1 BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 2 BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 1 BEA Systems WebLogic Express for Win32 7.0 .0.1 BEA Systems WebLogic Express for Win32 7.0 SP 5 BEA Systems WebLogic Express for Win32 7.0 SP 4 BEA Systems WebLogic Express for Win32 7.0 SP 3 BEA Systems WebLogic Express for Win32 7.0 SP 2 BEA Systems WebLogic Express for Win32 7.0 SP 1 BEA Systems WebLogic Express for Win32 7.0 BEA Systems WebLogic Express 8.1 SP 2 BEA Systems WebLogic Express 8.1 SP 1 BEA Systems WebLogic Express 8.1 BEA Systems WebLogic Express 7.0 .0.1 SP 4 BEA Systems WebLogic Express 7.0 .0.1 SP 3 BEA Systems WebLogic Express 7.0 .0.1 SP 2 BEA Systems WebLogic Express 7.0 .0.1 SP 1 BEA Systems WebLogic Express 7.0 .0.1 BEA Systems WebLogic Express 7.0 SP 5 BEA Systems WebLogic Express 7.0 SP 4 BEA Systems WebLogic Express 7.0 SP 3 BEA Systems WebLogic Express 7.0 SP 2 BEA Systems WebLogic Express 7.0 SP 1 BEA Systems WebLogic Express 7.0 |
| Not Vulnerable: |
BEA Systems WebLogic Server for Win32 7.0 SP 5 BEA Systems Weblogic Server 7.0 SP 5 BEA Systems WebLogic Express for Win32 7.0 SP 5 BEA Systems WebLogic Express 7.0 SP 5 |
Discussion
BEA WebLogic Local Password Disclosure Vulnerability
Reportedly WebLogic Server and Express are prone to a local username/password disclosure vulnerability. This issue is due to a design error that implements certain internal methods that can reveal the username and passwords that were used to boot the system.
This issue will allow a local user with the ability to authenticate using the username and password that were used to boot the system; the username and password will necessarily correspond to an administrator.
Reportedly WebLogic Server and Express are prone to a local username/password disclosure vulnerability. This issue is due to a design error that implements certain internal methods that can reveal the username and passwords that were used to boot the system.
This issue will allow a local user with the ability to authenticate using the username and password that were used to boot the system; the username and password will necessarily correspond to an administrator.
Exploit / POC
BEA WebLogic Local Password Disclosure Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
BEA WebLogic Local Password Disclosure Vulnerability
Solution:
BEA Systems have released advisory BEA04-55.00 dealing with this issue. Users of WebLogic 7.0 are advised to upgrade to WebLogic 7.0 SP 5. Patch information has also been provided for WebLogic 8.1 SP 2:
BEA Systems Weblogic Server 7.0 SP 4
BEA Systems WebLogic Server for Win32 7.0 SP 4
BEA Systems Weblogic Server 8.1 SP 2
BEA Systems WebLogic Server for Win32 8.1 SP 2
BEA Systems WebLogic Express 8.1 SP 2
BEA Systems WebLogic Express for Win32 8.1 SP 2
Solution:
BEA Systems have released advisory BEA04-55.00 dealing with this issue. Users of WebLogic 7.0 are advised to upgrade to WebLogic 7.0 SP 5. Patch information has also been provided for WebLogic 8.1 SP 2:
BEA Systems Weblogic Server 7.0 SP 4
-
BEA Systems WebLogic Server 7.0 SP5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems WebLogic Server for Win32 7.0 SP 4
-
BEA Systems WebLogic Server 7.0 SP5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems Weblogic Server 8.1 SP 2
-
BEA Systems CR132949_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR132949_81sp2.jar
BEA Systems WebLogic Server for Win32 8.1 SP 2
-
BEA Systems CR132949_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR132949_81sp2.jar
BEA Systems WebLogic Express 8.1 SP 2
-
BEA Systems CR132949_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR132949_81sp2.jar
BEA Systems WebLogic Express for Win32 8.1 SP 2
-
BEA Systems CR132949_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR132949_81sp2.jar
References
BEA WebLogic Local Password Disclosure Vulnerability
References:
References:
- Security Advisory: (BEA04-55.00) (BEA Systems)