John Fisher

**Name of the Vulnerable Software and Affected Versions** Blackboard Transact Suite versions prior to 3.6.0.2 **Description** The issue allows local users to discover the database password by modifying the connection.xml file. This is due to BbtsConnection Edit.exe relying on field names when determining whether to decrypt a connection.xml field value. **Recommendations** For versions prior to 3.6.0.2, update to version 3.6.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Blackboard Transact Suite (affected versions not specified) **Description** The issue concerns the automated-backup functionality, which stores sensitive information in cleartext. Specifically, it stores the `database username` and `database password` in cleartext in script and batch (.bat) files. This allows local users to obtain sensitive information by reading a file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.