Description
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
References (2)
Core 2
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7563
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/22
Scores
EPSS
0.0006
EPSS Percentile
17.2%
Details
Status
published
Products (2)
bea/weblogic_server
7.0 (10 CPE variants)
bea/weblogic_server
7.0.0.1 (9 CPE variants)
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026