{"vuid":"VU#204055","idnumber":"204055","name":"Blackboard Transact database credentials disclosure","keywords":["Blackboard","commerce suite","database password","BbtsConnection_Edit.exe","scada"],"overview":"The Blackboard Transact application contains two vulnerabilities that allow an unauthorized user to access the database credentials.","clean_desc":"The Blackboard Transact application (previously known as Blackboard Commerce Suite) comes with a utility called BbtsConnection_Edit.exe that is used to edit the encrypted configuration file named connection.xml. When editing connection.xml, BbtsConnection_Edit.exe decrypts all the fields except the <Password> field. If a user opens the connection.xml file in a text editor and copies the data for <Password> into any other field, such as <Server>, then the BbtsConnection_Edit.exe program will display the password in the other field, in this example <Server>. An additional issue exists in that the Blackboard Transact application uses multiple script and batch (.bat) files for automated backup procedures that contain the database username and password in clear text.","impact":"An attacker who has access to BbtsConnection_Edit.exe and the connection.xml file, or read access to the backup scripts, can obtain the database username and password.","resolution":"Upgrade\nThe vendor has acknowledged these issues and additional information is available in the Vendors Affected section of this document.","workarounds":"Restrict access\nIt may be possible to set file permissions on BbtsConnection_Edit.exe, connection.xml, and the script and batch (.bat) files used for automated backup procedures to restrict access to administrators only.","sysaffected":"","thanks":"Thanks to John Fisher for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://www.blackboard.com/Commerce-Security/Transact-Platform.aspx"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-06-07T20:21:14Z","publicdate":"2010-08-17T00:00:00Z","datefirstpublished":"2010-09-01T17:54:49Z","dateupdated":"2010-09-23T13:00:02Z","revision":41,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"3","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"19","cam_attackeraccessrequired":"4","cam_scorecurrent":"3.3345","cam_scorecurrentwidelyknown":"7.695","cam_scorecurrentwidelyknownexploited":"12.825","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.3345,"vulnote":null}