CVE-2001-1003
CVSS4.6
发布时间 :2001-08-31 00:00:00
修订时间 :2016-10-17 22:14:02
NMCOE    

[原文]Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.


[CNNVD]WebCT Respondus密码泄露和权限提升漏洞(CNNVD-200108-169)

        WebCT的Respondus 1.1.2存储用户名和密码时使用弱加密,可以读取WEBCT.SVR文件的本地用户可以利用该漏洞译码并获取附加权限。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1003
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1003
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200108-169
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=99859557930285&w=2
(UNKNOWN)  BUGTRAQ  20010823 Respondus v1.1.2 stores passwords using weak encryption

- 漏洞信息

WebCT Respondus密码泄露和权限提升漏洞
中危 未知
2001-08-31 00:00:00 2005-10-20 00:00:00
本地  
        WebCT的Respondus 1.1.2存储用户名和密码时使用弱加密,可以读取WEBCT.SVR文件的本地用户可以利用该漏洞译码并获取附加权限。

- 公告与补丁

        

- 漏洞信息 (21078)

Respondus for WebCT 1.1.2 Weak Password Encryption Vulnerability (EDBID:21078)
multiple local
2001-08-23 Verified
0 Desmond Irvine
N/A [点击下载]
source: http://www.securityfocus.com/bid/3228/info

Respondus is an application designed to add functionality to WebCT's quiz, self-test and survey tools. WebCT is a commercial e-learning solution.

When a user opts to have Respondus remember the username/password for WebCT access, the information is saved encrypted in a file called 'WEBCT.SRV'. The encrypted value of the username and password are converted to their ASCII values and added to a constant. A hex editor can be used to compare differences between the file before credentials are saved with the version of the file after credentials are saved. The values of the username/password are determined by subtracting the constants in 'WEBCT.SRV' prior to saving the credentials from the new values.

The constants are the same for every version of Respondus and are easily located, which may allow the attacker to forego the step of comparing the old and new versions of 'WEBCT.SRV', if the constants are known.

Successful exploitation of this issue will allow the attacker to access other WebCT accounts, which may lead to elevated privileges or the disclosure of sensitive information. 

C8-EF = userid
F0-117 = password

To see the password in plain text subtract the value shown in the WEBCT.SVR
file with no info saved from the value in the same position in the file
with the info saved. Stop when you reach the point where the values are
equal and the result is therefore 0.

i.e.

(the values after username is remembered:)
C8-EF 8B 88 7C 88 7A 7B 12 0D 13 0E 14 0F 15 10 16 11 17 12 11 13 12 14 13 15 14 16 15 17 16 0D 17 0E 11 0F 12 10 13 11 14 12
(the constants:)
C8-EF 16 15 17 16 11 17 12 0D 13 0E 14 0F 15 10 16 11 17 12 11 13 12 14 13 15 14 16 15 17 16 0D 17 0E 11 0F 12 10 13 11 14 12
75 73 65 72 69 64 0 <- stop
u s e r i d

(the values after the password is saved:)
F0-117 85 74 89 87 8E 84 83 7A 12 17 13 0D 14 0E 15 0F 16 10 17 11 11 12 12 13 13 14 14 15 15 16 16 17 17 0D 11 0E 12 0F 13 10
(the constants:)
F0-117 15 13 16 14 17 15 11 16 12 17 13 0D 14 0E 15 0F 16 10 17 11 11 12 12 13 13 14 14 15 15 16 16 17 17 0D 11 0E 12 0F 13 10
70 61 73 73 77 6F 72 64 0 <- stop
p a s s w o r d 		

- 漏洞信息

11802
Respondus for WebCT WEBCT.SVR File Weak Encryption
Local Access Required Cryptographic
Loss of Confidentiality Solution Unknown
Exploit Public

- 漏洞描述

- 时间线

2001-08-23 Unknow
2001-08-23 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站