The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
Software | From | Fixed in |
---|---|---|
bea / weblogic_server | 8.1 | 8.1.x |
bea / weblogic_server | 8.1-sp1 | 8.1-sp1.x |
bea / weblogic_server | 8.1-sp2 | 8.1-sp2.x |