2002-03-15 05:00:00
mitre
PUBLISHED
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.