Blackboard CourseInfo 4.0明文管理员密码漏洞

漏洞信息详情

Blackboard CourseInfo 4.0明文管理员密码漏洞

• CNNVD编号：CNNVD-200007-020
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2000-0605
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2000-07-10
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  blackboard
• 漏洞来源：
  Posted to NTBugtra…

Blackboard CourseInfo 4.0版本在访问控制允许用户访问密码的注册表钥明文中储存本地和SQL管理员用户名和密码。

Blackboard has released a hotfix which will encrypt the information stored in the registry. Blackboard also recommends that users restrict remote access to the registry. Instructions to do so can be found at the following URL:
http://www.microsoft.com/TechNet/security/c2config.asp#25
Users who have upgraded to version 5.0 are not susceptible to this vulnerability.
Blackboard CourseInfo 4.0

• Blackboard Courseinfo4hotfix
  
  http://company.blackboard.com/Support/files/Courseinfo4hotfix.exe

来源: BID
名称: 1460
链接:http://www.securityfocus.com/bid/1460

来源: NTBUGTRAQ
名称: 20000710 Two issues: Blackboard CourseInfo 4.0 stores admin password in clear text; strange settings on the winreg key.
链接:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=NTBUGTRAQ&P=R1647