CVE-2005-3203 Information

Description

The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext which allows local users to gain privileges.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0174.html http://marc.info/?l=bugtraq&m=112870441917345&w=2 http://secunia.com/advisories/14935/ http://www.red-database-security.com/advisory/oracle_htmldb_plaintext_password.html http://www.securityfocus.com/bid/15033 https://exchange.xforce.ibmcloud.com/vulnerabilities/22542