BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
BID:9503
Info
BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
| Bugtraq ID: | 9503 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 27 2004 12:00AM |
| Updated: | Jan 27 2004 12:00AM |
| Credit: | Announced by BEA Systems. |
| Vulnerable: |
BEA Systems WebLogic Server for Win32 8.1 SP 1 BEA Systems WebLogic Server for Win32 8.1 BEA Systems Weblogic Server 8.1 SP 1 BEA Systems Weblogic Server 8.1 BEA Systems WebLogic Express for Win32 8.1 SP 1 BEA Systems WebLogic Express for Win32 8.1 BEA Systems WebLogic Express 8.1 SP 1 BEA Systems WebLogic Express 8.1 |
| Not Vulnerable: |
BEA Systems WebLogic Server for Win32 8.1 SP 2 BEA Systems Weblogic Server 8.1 SP 2 BEA Systems WebLogic Express for Win32 8.1 SP 2 BEA Systems WebLogic Express 8.1 SP 2 |
Discussion
BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
Due to a programmatic flaw, vulnerable versions of WebLogic Server/Express may write the cleartext administrator password used to boot the server to the configuration file "config.xml". The immediate risk is lowered because not all potential attackers may have access to this file.
The weakness is corrected in Service Pack 2.
Due to a programmatic flaw, vulnerable versions of WebLogic Server/Express may write the cleartext administrator password used to boot the server to the configuration file "config.xml". The immediate risk is lowered because not all potential attackers may have access to this file.
The weakness is corrected in Service Pack 2.
Exploit / POC
BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
There is no exploit code required.
There is no exploit code required.
Solution / Fix
BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
Solution:
This weakness is corrected in version 8.1 SP2. Users should install Service Pack 2.
Solution:
This weakness is corrected in version 8.1 SP2. Users should install Service Pack 2.
References
BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
References:
References:
- SECURITY ADVISORY (BEA04-50.00) (BEA Systems)