Weak Permissions in WebLog Expert Web Server Enterprise 9.4 Allow Local Users to Set Cleartext Password and Login as Admin

Weak Permissions in WebLog Expert Web Server Enterprise 9.4 Allow Local Users to Set Cleartext Password and Login as Admin

CVE-2018-7581 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.

Learn more about our Web App Pen Testing.