CVE-2001-1003

Respondus 1.1.2 - Weak Encryption in WEBCT.SVR File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1003. PoCs published by Desmond Irvine.

AI-analyzed exploit summary This writeup describes a method to decrypt stored WebCT credentials in the 'WEBCT.SRV' file by subtracting known constants from the encrypted values. The process involves comparing hex values before and after credential storage to derive plaintext usernames and passwords.

Description

Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Desmond Irvine · textlocalmultiple
https://www.exploit-db.com/exploits/21078

This writeup describes a method to decrypt stored WebCT credentials in the 'WEBCT.SRV' file by subtracting known constants from the encrypted values. The process involves comparing hex values before and after credential storage to derive plaintext usernames and passwords.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Respondus (all versions)
No auth needed
Prerequisites: Access to the 'WEBCT.SRV' file · Knowledge of the encryption constants
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=99859557930285&w=2

Scores

EPSS 0.0035
EPSS Percentile 27.2%

Details

Status published
Products (1)
webct/respondus 1.1.2
Published Aug 31, 2001
Tracked Since Feb 18, 2026