Vulnerabilities > CVE-2005-2292 - Information Disclosure vulnerability in Oracle Jdeveloper 10.1.2/9.0.4/9.0.5
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS8_118828.NASL description Sun Management Center 3.5.1: Solaris 8 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05 last seen 2020-06-01 modified 2020-06-02 plugin id 23409 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23409 title Solaris 8 (sparc) : 118828-04 NASL family Solaris Local Security Checks NASL id SOLARIS9_118829.NASL description Sun Management Center 3.5.1: Solaris 9 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05 last seen 2020-06-01 modified 2020-06-02 plugin id 23549 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23549 title Solaris 9 (sparc) : 118829-04
References
- http://marc.info/?l=bugtraq&m=112129177927502&w=2
- http://secunia.com/advisories/15991/
- http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
- http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21342