J-Security Center

Title: DPEC Courseware Web Server Password Vulnerability

Severity: MODERATE

Description:

DPEC's web server product, used to provide network access to DPEC's series of online educational courses, has a vulnerability that could allow a malicious user to gain administrative access to the DPEC software. When a new user logs in, they are required to select a new password. After the new password is entered, a second page is displayed that asks the user to re-enter the password for verification. After this form is filled in and submitted, the software sets the user's password to the password specified and logs them into the system. The source of this verification page contains a hidden <INPUT> tag that holds the user's password. By saving and modifying the .htm file, a user could gain access to the system as any user, including the administrator.

Affected Products:

  • DPEC Online Courseware Web Server 1.0.0 pre-3/99
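
The flaw described above comes from trusting state that was sent to the browser and returned in a form. The following Python example is added here for illustration and is not DPEC's code or part of the original advisory; it contrasts a confirmation handler that takes the account and password from the submitted page with one that keeps the pending change on the server. The field names, account names and function names are assumptions; the advisory states only that the page carries the password in a hidden input.

```python
import hashlib
import hmac
import secrets

USERS = {"student1": None, "administrator": None}  # constructed sample accounts
PENDING = {}  # opaque token -> (username, salt, hash of first entry)


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def confirm_trusting_form(form):
    """Weak pattern: account and password both come from the returned page."""
    USERS[form["user"]] = form["password"]
    return form["user"]


def start_change(session_user, new_password):
    """Step 1: record the pending change server-side; hand out only a token."""
    token = secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    PENDING[token] = (session_user, salt, _hash(new_password, salt))
    return token


def confirm_change(token, form):
    """Step 2: read only the re-typed password from the form.

    The account comes from the server-side record, so an edited or added
    field naming another account has no effect.
    """
    entry = PENDING.pop(token, None)  # single use: replayed tokens fail
    if entry is None:
        return None
    user, salt, first = entry
    retyped = _hash(form.get("password", ""), salt)
    if not hmac.compare_digest(first, retyped):
        return None
    USERS[user] = (salt, retyped)  # store salted hash, never the plaintext
    return user
```

In the hardened handler the page sent to the browser contains no password and no account name, so saving and editing it changes nothing the server relies on.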
