Respondus is an application designed to add functionality to WebCT's quiz, self-test and survey tools. WebCT is a commercial e-learning solution. When a user opts to have Respondus remember the username/password for WebCT access, the information is saved encrypted in a file called 'WEBCT.SRV'. The encrypted value of the username and password are converted to their ASCII values and added to a constant. A hex editor can be used to compare differences between the file before credentials are saved with the version of the file after credentials are saved. The values of the username/password are determined by subtracting the constants in 'WEBCT.SRV' prior to saving the credentials from the new values. The constants are the same for every version of Respondus and are easily located, which may allow the attacker to forego the step of comparing the old and new versions of 'WEBCT.SRV', if the constants are known. Successful exploitation of this issue will allow the attacker to access other...
Respondus is an application designed to add functionality to WebCT's quiz, self-test and survey tools. WebCT is a commercial e-learning solution. When a user opts to have Respondus remember the username/password for WebCT access, the information is saved encrypted in a file called 'WEBCT.SRV'. The encrypted value of the username and password are converted to their ASCII values and added to a constant. A hex editor can be used to compare differences between the file before credentials are saved with the version of the file after credentials are saved. The values of the username/password are determined by subtracting the constants in 'WEBCT.SRV' prior to saving the credentials from the new values. The constants are the same for every version of Respondus and are easily located, which may allow the attacker to forego the step of comparing the old and new versions of 'WEBCT.SRV', if the constants are known. Successful exploitation of this issue will allow the attacker to access other WebCT accounts, which may lead to elevated privileges or the disclosure of sensitive information.
