PT-2003-2392 · Ibm · Ibm Websphere Advanced Server Edition

Jan P. Monsch

Published

2003-12-31

Updated

2017-07-29

CVE-2003-1447

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Advanced Server Edition version 4.0.4

Description The issue concerns the use of a weak encryption algorithm, specifically XOR and base64 encoding, which allows local users to decrypt passwords when the configuration file is exported to XML.

Recommendations For IBM WebSphere Advanced Server Edition version 4.0.4, consider updating the encryption algorithm to a more secure method to prevent password decryption. As a temporary workaround, restrict access to the configuration file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2003-1447

Affected Products

Ibm Websphere Advanced Server Edition

PT-2003-2392 · Ibm · Ibm Websphere Advanced Server Edition

CVE-2003-1447

Weakness Enumeration

Related Identifiers

Affected Products

References · 7