The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/204055 | US Government Resource |
http://www.kb.cert.org/vuls/id/MAPG-86YPVM | US Government Resource |
Configurations
Information
Published : 2010-09-07 11:00
Updated : 2013-01-03 21:00
NVD link : CVE-2010-3245
Mitre link : CVE-2010-3245
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
blackboard
- transact_suite