CVE-2005-4767

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server and WebLogic Express versions 7.0 SP6 and earlier, 8.1 SP5 and earlier

Description The issue allows remote attackers to guess the password more easily because it does not lock out a username after the maximum number of invalid login attempts when using username/password authentication.

Recommendations For versions 7.0 SP6 and earlier, and 8.1 SP5 and earlier, consider implementing a custom authentication mechanism to lock out usernames after a specified number of invalid login attempts as a temporary workaround. Restrict access to the authentication module to minimize the risk of exploitation.