Weak Encryption in Respondus 1.1.2 for WebCT Allows Password Decryption and Privilege Escalation

Weak Encryption in Respondus 1.1.2 for WebCT Allows Password Decryption and Privilege Escalation

CVE-2001-1003 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.

Learn more about our Web App Pen Testing.