The Pearson ProctorCache software uses a hard coded password for administrative tasks.
The ProctorCache is designed to cache the testing content, as well as cache the responses and maintain a client list of active test-takers. ProctorCache is a server software package installed locally within the LAN on a Windows system.
CWE-259: Use of Hard-coded Password - CVE-2015-0972
An attacker on the local network can use the credentials to interrupt a test session and perform administrative tasks such as canceling tests or deleting users. According to Pearson, the actual test data is encrypted and not immediately accessible by an administrator.
Apply an update
This document was written by Garret Wassermann.
|Date First Published:||2015-06-16|
|Date Last Updated:||2015-06-16 14:32 UTC|