Back to CVE Browser

CVE-2008-1883

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.1730%

EPSS Percentile26.32th

PublishedApr 18, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.

Affected Platforms (CPE)

📦

Blackboard

Blackboard Academic Suite

<= 7

References & Advisories

🔗 http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

🔗 http://securityreason.com/securityalert/3810

🔗 http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite

🔗 http://www.securityfocus.com/archive/1/490096/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41935

🔗 http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

🔗 http://securityreason.com/securityalert/3810

🔗 http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite

Related Vulnerabilities

CVE-2005-433810.0

announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions befor...

CVE-2005-43377.5

The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before...

CVE-2005-42066.1

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote a...

CVE-2006-39146.0

Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitra...