BEA WebLogic Server and WebLogic Express 8.1 SP5 and previous versions, and 7.0 SP6 and previous versions, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote malicious users to guess the password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 7.0 |
||
bea weblogic server 8.1 |