PT-2004-1792 · Bea · Bea Weblogic Server
Published: 2004-07-21 · Updated: 2017-07-11 · CVE-2004-0712
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server versions 8.1 through 8.1 SP2
Description
The configuration tools for BEA WebLogic Server create a log file that contains the administrative username and password in cleartext. This could allow local users to gain privileges.
Recommendations
For BEA WebLogic Server versions 8.1 through 8.1 SP2, consider restricting access to the log files generated by the configuration tools to minimize the risk of exploitation. As a temporary workaround, avoid using the configuration tools until a secure alternative is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related identifiers
Affected products
Bea Weblogic Server