Insecure Storage of Password Encryption Secrets in BEA WebLogic Server and Express 7.0 and 7.0.0.1
CVE-2003-1226 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
Learn more about our Web App Pen Testing.