BEA WebLogic Application Code Password Decryption

2006-01-24T11:43:12
ID OSVDB:22774
Type osvdb
Reporter OSVDB
Modified 2006-01-24T11:43:12

Description

Vulnerability Description

BEA WebLogic Server contains a flaw that may allow a malicious user to create an application that can decrypt system passwords. It is possible that the flaw may allow access to decrypted system passwords, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released patches to address this vulnerability.

Short Description

BEA WebLogic Server contains a flaw that may allow a malicious user to create an application that can decrypt system passwords. It is possible that the flaw may allow access to decrypted system passwords, resulting in a loss of confidentiality.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1015528 Secunia Advisory ID:18592 Keyword: BEA06-114.00 FrSIRT Advisory: ADV-2006-0313 CVE-2006-0427 Bugtraq ID: 16358