BEA WebLogic Portal Login Attempts Information Disclosure Issue
Title : BEA WebLogic Portal Login Attempts Information Disclosure Issue
VUPEN ID : VUPEN/ADV-2005-0605
CVE ID : CVE-2005-1745
CWE ID : CWE-
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2005-05-24
A vulnerability was identified in BEA WebLogic Portal that may be exploited by attackers to disclose sensitive information. The issue resides in the "UserLogin" control, which writes the incorrect password from a failed login attempt to standard output. A malicious user could view the incorrect password of the failed login attempt and use it to launch further attacks.
Affected Products
BEA WebLogic Portal 8.1 released through Service Pack 3, on all platforms
Solution
WebLogic Portal version 8.1 : Upgrade to Service Pack 4
References
http://www.vupen.com/english/advisories/2005/0605
http://dev2dev.bea.com/pub/advisory/128
Credits
Vulnerability reported by the vendor
ChangeLog
2005-05-24 : Initial release
2005-05-25 : Updated CVE