CVE-2001-1003 - Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows loc

CVE-2001-1003

Summary

Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.

References

http://marc.info/?l=bugtraq&m=99859557930285&w=2

Vulnerable Configurations

cpe:2.3:a:webct:respondus:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:webct:respondus:1.1.2:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 18-10-2016 - 02:14)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq

20010823 Respondus v1.1.2 stores passwords using weak encryption

Last major update

18-10-2016 - 02:14

Published

31-08-2001 - 04:00

Last modified

18-10-2016 - 02:14