BEA WebLogic Active Directory LDAP Account Lockout Bypass

2004-09-13T00:00:00
ID OSVDB:9977
Type osvdb
Reporter BEA Systems
Modified 2004-09-13T00:00:00

Description

Vulnerability Description

WebLogic Server and WebLogic Express contain a flaw that may allow a malicious user to gain access using a disabled account. The issue is triggered when WebLogic Server/Express uses Active Directory LDAP for authentication. It is possible that the flaw may allow unauthorized access, resulting in a loss of confidentiality and/or integrity.

Solution Description

Upgrade to version 8.1 SP3 or higher, as it has been reported to fix this vulnerability. Users of 7.0 should upgrade to Service Pack 5 and apply the vendor patch, as it has been reported to fix this vulnerability.

References:

Vendor URL: http://www.bea.com/
Vendor Specific Advisory URL
Secunia Advisory ID: 12524
Related OSVDB ID: 9978
Related OSVDB ID: 9974
Related OSVDB ID: 9973
Related OSVDB ID: 9972
Related OSVDB ID: 9976
Related OSVDB ID: 9975
Keyword: BEA04-72.00