Cleartext Password Vulnerability in BEA WebLogic Portal
CVE-2006-0423

Currently unrated

Key Information:

Vendor: Oracle
Status: Weblogic Portal
Vendor: CVE Published:; 25 January 2006

What is CVE-2006-0423?

BEA WebLogic Portal 8.1 through SP3 is susceptible to a security flaw where the RDBMS Authentication provider's password is stored in plain text within the config.xml file. This misconfiguration could potentially allow attackers to access and manipulate sensitive information, as the exposed passwords can facilitate unauthorized access to databases, leading to significant security breaches.

References

http://www.vupen.com/english/advisories/2008/0613

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/40705

vdb-entryx_refsource_XF

http://secunia.com/advisories/18593

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 25, 2006
Vulnerability Reserved
Jan 25, 2006

Oracle

What is CVE-2006-0423?

References

Timeline