ID CVE-2005-2292
Summary Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
References
Vulnerable Configurations
  • Oracle JDeveloper 10.1.2
    cpe:2.3:a:oracle:jdeveloper:10.1.2
  • Oracle JDeveloper 9.0.4
    cpe:2.3:a:oracle:jdeveloper:9.0.4
  • Oracle JDeveloper 9.0.5
    cpe:2.3:a:oracle:jdeveloper:9.0.5
CVSS
Base: 2.1 (as of 18-07-2005 - 10:49)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_118828.NASL
    description Sun Management Center 3.5.1: Solaris 8 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 23409
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23409
    title Solaris 8 (sparc) : 118828-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_118829.NASL
    description Sun Management Center 3.5.1: Solaris 9 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 23549
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23549
    title Solaris 9 (sparc) : 118829-04
refmap via4
bugtraq 20050713 Advisory: Oracle JDeveloper Plaintext Passwords
confirm http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
misc http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html
secunia 15991
xf jdeveloper-config-plaintext-password(21342)
Last major update 17-10-2016 - 23:26
Published 18-07-2005 - 00:00
Last modified 10-07-2017 - 21:32
Back to Top