CVE-2006-0426 Information

Description

BEA WebLogic Server and WebLogic Express 8.1 through SP4 when configuration auditing is enabled and a password change occurs stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file which could allow attackers to gain privileges.

Reference

http://dev2dev.bea.com/pub/advisory/170 http://secunia.com/advisories/18592 http://securitytracker.com/id?1015528 http://www.osvdb.org/22775 http://www.securityfocus.com/bid/16358 http://www.vupen.com/english/advisories/2006/0313 https://exchange.xforce.ibmcloud.com/vulnerabilities/24290