CVE-2005-4755 Information

Description

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or during domain creation with the Configuration Wizard renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file which might allow local users to obtain cryptographic keys.

Reference

http://dev2dev.bea.com/pub/advisory/145 http://dev2dev.bea.com/pub/advisory/150 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052