BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness

Due to a programmatic flaw, vulnerable versions of WebLogic Server/Express may write the cleartext administrator password used to boot the server to the configuration file "config.xml". The immediate risk is lowered because not all potential attackers may have access to this file.

The weakness is corrected in Service Pack 2.


 

Privacy Statement
Copyright 2010, SecurityFocus