CVE-2003-1224

Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user’s password by physically observing ("shoulder surfing") the screen.

Date published : 2005-08-16

http://dev2dev.bea.com/pub/advisory/22

http://www.securityfocus.com/bid/7563