Vulnerability Name: CVE-2006-2546 (CCN-26460)
Assigned: 2006-05-15
Published: 2006-05-15
Updated: 2017-07-20
Summary: A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.
CVSS v3 Severity: 2.8 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Other
References:
- Source: MITRE Type: CNA CVE-2006-2546
- Source: BEA Type: Patch, Vendor Advisory BEA06-131.00
- Source: CCN Type: SA20130 BEA WebLogic Server/Express Multiple Security Issues
- Source: SECUNIA Type: Vendor Advisory 20130
- Source: CCN Type: SECTRACK ID: 1016101 WebLogic Server Admin Password Reset Mechanism May Disclose the Password to Local Users
- Source: SECTRACK Type: UNKNOWN 1016101
- Source: CCN Type: OSVDB ID: 25546 BEA WebLogic Password Reset Mechanism Cleartext Admin Password Disclosure
- Source: CCN Type: BID-17982 BEA WebLogic Multiple Vulnerabilities
- Source: VUPEN Type: UNKNOWN ADV-2006-1828
- Source: XF Type: UNKNOWN weblogic-admin-password-cleartext(26460)
- Source: CCN Type: BEA Systems Inc. Security Advisory: (BEA06-131.00) Recovering admin password can leave cleartext password on disk
Vulnerable Configuration: Configuration 1: