CVE-2006-2546

A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.

Published: May 23, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2546
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	8.1	8.1.x

http://dev2dev.bea.com/pub/advisory/193
http://secunia.com/advisories/20130
http://securitytracker.com/id?1016101
http://www.vupen.com/english/advisories/2006/1828
https://exchange.xforce.ibmcloud.com/vulnerabilities/26460

Vulnerability Database

289,599

CVE-2006-2546