CVE-2003-1224

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server and Express versions 7.0 through 7.0.0.1

Description The issue allows attackers to obtain a user's password by physically observing the screen, as the JDBCConnectionPoolRuntimeMBean password is displayed in cleartext. This can be achieved through "shoulder surfing", where an attacker reads the password from the screen.

Recommendations For versions 7.0 through 7.0.0.1, consider restricting access to the Weblogic.admin console to minimize the risk of exploitation. As a temporary workaround, ensure that the console is used in a secure environment where "shoulder surfing" is not possible. At the moment, there is no information about a newer version that contains a fix for this issue.