BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
https://exchange.xforce.ibmcloud.com/vulnerabilities/14962
http://www.securitytracker.com/alerts/2004/Jan/1008867.html