Oracle Application Server Forms Temporary File Cleartext Password Disclosure
Local Access Required,
Remote / Network Access
Loss of Confidentiality
Oracle Application Server Forms Builder contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords when Forms Builder creates files in the temp directory which contain the username and password of the current database connection, which may lead to a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Critical Patch Update - July 2005) to address this vulnerability.