Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.4K Intelligent Advisor
- 73 Insurance
- 537.3K On-Premises Infrastructure
- 138.6K Analytics Software
- 38.6K Application Development Software
- 6K Cloud Platform
- 109.6K Database Software
- 17.6K Enterprise Manager
- 8.8K Hardware
- 71.2K Infrastructure Software
- 105.3K Integration
- 41.6K Security Software
Weblogic 12C Vulnerability Issue : Java JMX RMI Accessible with Common Credentials (Unauthenticated
Good Evening Experts,
Hope you are doing good.
I got a vulnerability in my production server and needs to be resolved at the earliest please:
Server OS : Windows 2012r2
Weblogic Server: 12c R1
The vulnerability is :
"Java JMX RMI Accessible with Common Credentials (Unauthenticated check)"
Java JMX interface is accessible via following username/password pairs:
admin/password
admin/admin
admin/activemq
monitorRole/QED
controlRole/R%26D
controlrole/password
monitorrole/password
cassandra/cassandrapassword
monitorRole/tomcat
controlRole/tomcat
monitorRole/mrpasswd
controlRole/crpasswd
role1/role1passwd
ole2/role2passwd
role3/role3passwd
admin/thisIsSupposedToBeAStrongPassword!
QID Detection Logic (Authenticated):
This QID tries to log into JMX RMI server using above credentials.
Note:if remote JMX RMI sever accessible without authentication. all of above credentials will post.
Sincerely,
Manmohan Bhakuni
Comments
-
Dear Experts,
Any suggestion would be highly appreciated please.
Sincerely
Manmohan
-
Did you get the solution?
-
Did you get the solution ?
-
We have got this issue. If you have solution, please share the details with me.
-
Good Day All,
I am having the exact same issue and JMX RMI is not an enabled feature in our environment. How was or how can this be resolved?