{"vuid":"VU#350350","idnumber":"350350","name":"BEA WebLogic Server stores administrator password in clear text in config.xml","keywords":["BEA","WebLogic Server","clear text","passwords","config.xml"],"overview":"BEA WebLogic Server stores the administrator password used to boot the server in clear text within the config.xml file.","clean_desc":"BEA Systems describes WebLogic Server as \"an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java applications.\"  There is a vulnerability in the way BEA Weblogic Server stores the administrative password used to boot the server. According to the BEA Security Advisory, \nDue to a coding error, the administrator password used to boot the server might automatically be written in clear text to the config.xml file. A user with access to the config.xml file can obtain the password and use it to impersonate an administrator. The BEA Security Advisory states that the following versions of WebLogic Server and Express are affected by this vulnerability: WebLogic Server and Express 8.1, released and Service Pack 1, on all platforms","impact":"A user with access to the config.xml file may acquire the administrator password used to boot the server. The user could subsequently use this password to impersonate an administrator.","resolution":"Apply Patch\nBEA has released an advisory to address this issue. According to the BEA Security Advisory, it is recommended that users upgrade to Service Pack 2.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by BEA Systems Inc.","author":"This document was written by Lucy Crocker.","public":["http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_50.00.jsp","http://www.secunia.com/advisories/10728/","http://www.securityfocus.com/bid/9503/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-01-29T19:51:04Z","publicdate":"2004-01-27T00:00:00Z","datefirstpublished":"2004-04-12T16:10:38Z","dateupdated":"2004-04-14T16:20:16Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"9","cam_impact":"13","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"7.239375","cam_scorecurrentwidelyknown":"8.8846875","cam_scorecurrentwidelyknownexploited":"15.4659375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.239375,"vulnote":null}