CVE-2008-1883

Blackboard Academic Suite 7.x - Info Disclosure

Title source: llm

Description

The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.

References (5)

[Exploit] http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

[Exploit] http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/490096/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41935

[Third Party Advisory] http://securityreason.com/securityalert/3810

Scores

EPSS 0.0061

EPSS Percentile 69.5%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

blackboard/blackboard_academic_suite < 7

Timeline

Published Apr 18, 2008

Tracked Since Feb 18, 2026