about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive Talk

exploits , vulnerabilities , articles , Respondus for WebCT Weak Password Encryption Vulnerability


Title Respondus for WebCT Weak Password Encryption Vulnerability
Published 2001-08-23-12:00AM
Updated 2001-08-23-02:54PM
Class Design Error
CVE   CVE-MAP-NOMATCH
Remote  No
Local  Yes
Credit  This vulnerability was submitted to BugTraq on August 23rd, 2001 by Desmond Irvine <desmond.irvine@sheridanc.on.ca>.
Vulnerable  Respondus Respondus for WebCT 1.1.2
WebCT WebCT 2.2
WebCT WebCT 3.1
WebCT WebCT 3.6
Not Vulnerable  
Code   This example was submitted by Desmond Irvine <desmond.irvine@sheridanc.on.ca> in his BugTraq posting:

C8-EF = userid
F0-117 = password

To see the password in plain text subtract the value shown in the WEBCT.SVR
file with no info saved from the value in the same position in the file
with the info saved. Stop when you reach the point where the values are
equal and the result is therefore 0.

i.e.

(the values after username is remembered:)
C8-EF 8B 88 7C 88 7A 7B 12 0D 13 0E 14 0F 15 10 16 11 17 12 11 13 12 14 13 15 14 16 15 17 16 0D 17 0E 11 0F 12 10 13 11 14 12
(the constants:)
C8-EF 16 15 17 16 11 17 12 0D 13 0E 14 0F 15 10 16 11 17 12 11 13 12 14 13 15 14 16 15 17 16 0D 17 0E 11 0F 12 10 13 11 14 12
75 73 65 72 69 64 0 <- stop
u s e r i d

(the values after the password is saved:)
F0-117 85 74 89 87 8E 84 83 7A 12 17 13 0D 14 0E 15 0F 16 10 17 11 11 12 12 13 13 14 14 15 15 16 16 17 17 0D 11 0E 12 0F 13 10
(the constants:)
F0-117 15 13 16 14 17 15 11 16 12 17 13 0D 14 0E 15 0F 16 10 17 11 11 12 12 13 13 14 14 15 15 16 16 17 17 0D 11 0E 12 0F 13 10
70 61 73 73 77 6F 72 64 0 <- stop
p a s s w o r d
TXT  t3xt 1t!


Advertising

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 23:04:57 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
Sexytamil. How to sca www.yetsky www.hu61.c sex vidiyo Www+xxxtv+ Www.nuedse 52486 news for C SimpleBBS www.zgwh8. rs gallery Lil+wayne sexpicture maxcpm.inf showing se Bavan www.lwc200 ftvangles american lo407l Foto Sex W Sapix 200 /compo ftpu Big sxy ga 18ans PHP Advanc msn+space Lindsay Lo young girl . x3x. Host Jon myers@ ranimukarj news for C Naked aish photob sexedenfer news for c 889.com video porn sexy girl safesex veidoclip about acte news for C body.sex Crack Data china999.o