2005-08-16 04:00:00
mitre
PUBLISHED
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a users password by physically observing ("shoulder surfing") the screen.