CVE-2010-3244

by Fred · 07/09/2010

BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the field.

Date published : 2010-09-07

http://www.kb.cert.org/vuls/id/204055

http://www.kb.cert.org/vuls/id/MAPG-86YPVM

CVE-2010-3244

Similar

Recent Posts

Categories

CVE-2010-3244

Share this:

Similar

Recent Posts

Categories

Tags