IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Websphere_application_server | Ibm | 4.0.4 (including) | 4.0.4 (including) |
References
- http://securityreason.com/securityalert/3277
- http://www.securityfocus.com/archive/1/310118
- http://www.securityfocus.com/archive/1/310796
- http://www.securityfocus.com/bid/6758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11245
- http://securityreason.com/securityalert/3277
- http://www.securityfocus.com/archive/1/310118
- http://www.securityfocus.com/archive/1/310796
- http://www.securityfocus.com/bid/6758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11245