VULHUB ™

Default implementations of WebLogic Server and WebLogic Express make details about the encryption of passwords available to unprivileged users. A user with access to the encrypted passwords, with knowledge of the encryption algorithms used, and access to the 'config.xml', 'filerealm.properties', and 'weblogic-rar.xml' files could gain access to the plain-text passwords.

Default implementations of WebLogic Server and WebLogic Express make details about the encryption of passwords available to unprivileged users. A user with access to the encrypted passwords, with knowledge of the encryption algorithms used, and access to the 'config.xml', 'filerealm.properties', and 'weblogic-rar.xml' files could gain access to the plain-text passwords.