CVE-2005-4755

2006-04-0102:00:00

mitre

www.cve.org

bea weblogic server

cleartext

private key passphrase

storage

security issue

cryptographic keys

AI Score

6.3

Confidence

Low

EPSS

Percentile

5.1%

JSON

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.

References

dev2dev.bea.com/pub/advisory/145

dev2dev.bea.com/pub/advisory/150

secunia.com/advisories/17138

www.securityfocus.com/bid/15052