PT-2002-2631 · Click2Learn · Click2Learn Ingenium Learning Management System

Publicado

2002-12-31

Atualizado

2008-09-05

CVE-2002-1909

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Click2Learn Ingenium Learning Management System versions 5.1 through 6.1

Description The issue concerns the storage of the hashed administrative password in a config.txt file under the htdocs directory. This allows remote attackers to obtain the administrative password.

Recommendations For versions 5.1 through 6.1, consider restricting access to the config.txt file to minimize the risk of exploitation. As a temporary workaround, limit access to the htdocs directory until a more permanent solution is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-1909

Produtos afetados

Click2Learn Ingenium Learning Management System

PT-2002-2631 · Click2Learn · Click2Learn Ingenium Learning Management System

CVE-2002-1909

Identificadores relacionados

Produtos afetados

Referências · 4