Vulnerability Note VU#626420
Pearson ProctorCache contains hard coded credentials
The Pearson ProctorCache software uses a hard coded password for administrative tasks.
The ProctorCache is designed to cache the testing content, as well as cache the responses and maintain a client list of active test-takers. ProctorCache is a server software package installed locally within the LAN on a Windows system.
CWE-259: Use of Hard-coded Password - CVE-2015-0972
An attacker on the local network can use the credentials to interrupt a test session and perform administrative tasks such as canceling tests or deleting users. According to Pearson, the actual test data is encrypted and not immediately accessible by an administrator.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Pearson Education||Affected||23 Jan 2015||16 Jun 2015|
CVSS Metrics (Learn More)
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-0972
- Date Public: 15 Jun 2015
- Date First Published: 16 Jun 2015
- Date Last Updated: 16 Jun 2015
- Document Revision: 64
If you have feedback, comments, or additional information about this vulnerability, please send us email.