Oracle Application Server JDeveloper IDEConnections.xml Cleartext Password Disclosure
Local Access Required
Loss of Confidentiality
Oracle Application Server JDeveloper contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords which are stored in IDEConnections.xml, which may lead to a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Critical Patch Update - July 2005) to address this vulnerability.