Vulnerability Description
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 8.1 |
References
- http://dev2dev.bea.com/pub/advisory/193PatchVendor Advisory
- http://secunia.com/advisories/20130Vendor Advisory
- http://securitytracker.com/id?1016101
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26460
- http://dev2dev.bea.com/pub/advisory/193PatchVendor Advisory
- http://secunia.com/advisories/20130Vendor Advisory
- http://securitytracker.com/id?1016101
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26460
FAQ
What is CVE-2006-2546?
CVE-2006-2546 is a vulnerability with a CVSS score of 5.0 (MEDIUM). A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, wh...
How severe is CVE-2006-2546?
CVE-2006-2546 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2546?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.