Exploitation Summary
EIP tracks 1 public exploit for CVE-2001-1003. PoCs published by Desmond Irvine.
AI-analyzed exploit summary This writeup describes a method to decrypt stored WebCT credentials in the 'WEBCT.SRV' file by subtracting known constants from the encrypted values. The process involves comparing hex values before and after credential storage to derive plaintext usernames and passwords.
Description
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.
Exploits (1)
This writeup describes a method to decrypt stored WebCT credentials in the 'WEBCT.SRV' file by subtracting known constants from the encrypted values. The process involves comparing hex values before and after credential storage to derive plaintext usernames and passwords.