CVE-2007-0409 Information

Description

BEA WebLogic 7.0 through 7.0 SP6 8.1 through 8.1 SP4 and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties which allows local administrative users to read the cleartext password.

Reference

http://dev2dev.bea.com/pub/advisory/203 http://osvdb.org/38501 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213