Insecure Storage of Password Encryption Secrets in BEA WebLogic Server and Express 7.0 and 7.0.0.1

CVE-2003-1226 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

BEA WebLogic Server and Express 7.0 and 7.0.0.1 store certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
