Local Security Flaw in Oracle JDeveloper Reveals Sensitive Password Data
CVE-2005-2292

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdeveloper
Vendor: CVE Published:; 18 July 2005

What is CVE-2005-2292?

Oracle JDeveloper versions 9.0.4, 9.0.5, and 10.1.2 have a vulnerability that can expose sensitive user credentials. This security issue arises as the software stores cleartext passwords in configuration files such as IDEConnections.xml, XSQLConfig.xml, and settings.xml. Local users can exploit this flaw, leading to unauthorized access to confidential information. It is critical for users and organizations utilizing affected versions to apply security best practices and implement measures to mitigate the risk associated with this vulnerability.

References

http://www.red-database-security.com/advisory/oracle_jdev...

x_refsource_MISC

http://secunia.com/advisories/15991/

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/21342

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2005
Vulnerability Reserved
Jul 17, 2005