Two alerts on windows 2000 products via the Mountainwave daily
security news
BlackBoard CourseInfo Exposes Admin Psw
Reported July 10, 2000 by James Megna
VERSIONS AFFECTED
Blackboard CourseInfo 4.0
DESCRIPTION
During the installation process, Blackboard CourseInfo 4.0 requires
that the user create an administrative account used to access and
configure the CourseInfo software. The user name and password are
stored in a registry key that is left unprotected from access by
unauthorized users. Furthermore, the password is stored in clear
text
making abuse all the more likely. The username and password are
stored
in the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Blackboard,
Inc.\CourseInfo40
see
http://www.ntsecurity.net/go/load.asp?iD=/security/course1.htm for
full details
--------------------------------
Director
Learning & Teaching Support Unit
Robinson Library
University of Newcastle
Tel: 0191-222-5183
Fax: 0191-222-6235
www.staff.ncl.ac.uk/s.n.fitzpatrick/
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|