VULHUB ™

IBM WebSphere allows administrators to export configuration files to XML. When the WebSphere configuration file is exported in this manner, passwords are obfuscated using an easily reversible algorithm. If an attacker gains access to an exported XML configuration file, it is a trivial task to decode the password. The WebSphere documentation states that exported configurations will contain encoded (and not encrypted) passwords. Administrators should be cautious when exporting configuration files. This issue was reported in IBM WebSphere Advanced Server Edition 4.0.4. It is not known if the same encoding is used in other versions. Though the core weakness is that passwords are encoded and may be easier to reverse than if encrypted using a strong algorithm, so all current versions so should be considered prone to this weakness to some degree.

IBM WebSphere allows administrators to export configuration files to XML. When the WebSphere configuration file is exported in this manner, passwords are obfuscated using an easily reversible algorithm. If an attacker gains access to an exported XML configuration file, it is a trivial task to decode the password. The WebSphere documentation states that exported configurations will contain encoded (and not encrypted) passwords. Administrators should be cautious when exporting configuration files. This issue was reported in IBM WebSphere Advanced Server Edition 4.0.4. It is not known if the same encoding is used in other versions. Though the core weakness is that passwords are encoded and may be easier to reverse than if encrypted using a strong algorithm, so all current versions so should be considered prone to this weakness to some degree.