Category:   Application (Web Server/CGI)  >   Oracle WebLogic
Vendors:   BEA Systems
WebLogic Command and Administrative Scripts May Contain Clear Text Passwords
SecurityTracker Alert ID:  1011229
SecurityTracker URL:  http://securitytracker.com/id/1011229
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 14 2004
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 6.1 SP6, 7.0 SP4, and 8.1 SP2; and prior service packs
Description:   A security issue was reported in WebLogic Server and WebLogic Express. A local user may be able to view passwords contained in scripts used to run some command line utilities and Administrative ant tasks.

BEA Systems reported that some scripts used to run some command line utilities and Administrative ant tasks may contain clear-text passwords.

Impact:   A local user may be able to view passwords.
Solution:   A fix for WebLogic Server 6.1, 7.0, and 8.1 is available to permit encrypted passwords to be used.

The following fix information is available [quoted]:

* For WebLogic Server 8.1: Upgrade to Service Pack 3 and review the materials provided in http://e-docs.bea.com/wls/docs81/notes/new.html under the heading User Configuration and User Key Files for weblogic.Admin and Ant Tasks

* For WebLogic Server 7.0: Upgrade to Service Pack 5 and review the materials provided in http://e-docs.bea.com/wls/docs70/programming/deploying.html under the heading weblogic.Deployer Utility

* For WebLogic Server 6.1: Upgrade to Service Pack 6 and apply the patch provided in the following zipfile: ftp://ftpna.beasys.com/pub/releases/security/CR136544_61sp6.zip

This fix will be included in WebLogic Server 6.1 Service Pack 7.

Vendor URL:  dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-68.00.jsp
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.
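
An audit check for the condition this alert describes, added here as an example (not code from BEA or SecurityTracker): it reports where a script or Ant build file carries a literal password without echoing the value. The `-password <value>` argument form, the `password="..."` Ant attribute form, the `-userconfigfile`/`-userkeyfile` arguments, and all sample file names and contents are assumptions constructed for illustration.

```python
import re

# Assumed credential forms: "-password <value>" on a command line and
# password="<value>" on an Ant task element. Variable references such as
# $VAR, ${prop.name} or %VAR% are not literal passwords and are skipped.
CLI_RE = re.compile(r'-password\s+("[^"]*"|\'[^\']*\'|\S+)')
ANT_RE = re.compile(r'\bpassword\s*=\s*"([^"]*)"')
VAR_RE = re.compile(r'^(\$\{?\w[\w.]*\}?|%\w+%)$')


def find_cleartext(name, text):
    """Return (file, line number, kind) for each literal password found.

    The password value itself is never returned, so the report can be
    shared without spreading the credential further.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in (("cli", CLI_RE), ("ant", ANT_RE)):
            for m in rx.finditer(line):
                value = m.group(1).strip('"\'')
                if value and not VAR_RE.match(value):
                    hits.append((name, lineno, kind))
    return hits


def scan(files):
    """Scan a {file name: contents} mapping in file-name order."""
    return [hit for name, text in sorted(files.items())
            for hit in find_cleartext(name, text)]


# Constructed sample files, not taken from the advisory.
SAMPLES = {
    "ping.sh": "java weblogic.Admin -url t3://localhost:7001 "
               "-username system -password Example123 PING\n",
    "ping_env.sh": '#!/bin/sh\njava weblogic.Admin -username system '
                   '-password "$WLS_PW" PING\n',
    "ping_cfg.sh": "java weblogic.Admin -userconfigfile wls.cfg "
                   "-userkeyfile wls.key PING\n",
    "build.xml": '<project>\n  <wlconfig url="t3://localhost:7001" '
                 'username="system" password="Example123"/>\n</project>\n',
    "build_prop.xml": '<wlconfig username="system" '
                      'password="${wls.password}"/>\n',
}

if __name__ == "__main__":
    for name, lineno, kind in scan(SAMPLES):
        print(f"{name}:{lineno}: clear-text password ({kind})")
```

A variable reference only moves the secret elsewhere, so files that pass this check still need their permissions and the variable's source reviewed.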


 Source Message Contents



[Original Message Not Available for Viewing]