CVE-2006-0423 Information

Description

BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file which allows attackers to gain privileges.

Reference

http://dev2dev.bea.com/pub/advisory/167 http://dev2dev.bea.com/pub/advisory/262 http://secunia.com/advisories/18593 http://securitytracker.com/id?1015528 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0312 http://www.vupen.com/english/advisories/2008/0613 https://exchange.xforce.ibmcloud.com/vulnerabilities/24284 https://exchange.xforce.ibmcloud.com/vulnerabilities/40705