CVE-2003-1226

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server and Express versions 7.0 through 7.0.0.1

Description The issue concerns the insecure storage of secrets related to password encryption in configuration files, specifically config.xml, filerealm.properties, and weblogic-rar.xml. This allows local users to obtain these secrets and subsequently decrypt passwords.

Recommendations For BEA WebLogic Server and Express versions 7.0 through 7.0.0.1, consider restricting access to the configuration files config.xml, filerealm.properties, and weblogic-rar.xml to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.