PT-2002-2631 · Click2Learn · Click2Learn Ingenium Learning Management System

Published

2002-12-31

Updated

2008-09-05

CVE-2002-1909

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Click2Learn Ingenium Learning Management System versions 5.1 through 6.1

Description The issue concerns the storage of the hashed administrative password in a config.txt file under the htdocs directory. This allows remote attackers to obtain the administrative password.

Recommendations For versions 5.1 through 6.1, consider restricting access to the config.txt file to minimize the risk of exploitation. As a temporary workaround, limit access to the htdocs directory until a more permanent solution is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1909

Affected Products

Click2Learn Ingenium Learning Management System

PT-2002-2631 · Click2Learn · Click2Learn Ingenium Learning Management System

CVE-2002-1909

Related Identifiers

Affected Products

References · 4