CVEブラウザに戻る

CVE-2008-1883

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.1730%

EPSS Percentile26.32th

Published2008年4月18日

Last Modified2026年4月23日

Vulnerability Description

The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.

Affected Platforms (CPE)

📦

Blackboard

Blackboard Academic Suite

<= 7

References & Advisories

🔗 http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

🔗 http://securityreason.com/securityalert/3810

🔗 http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite

🔗 http://www.securityfocus.com/archive/1/490096/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41935

🔗 http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

🔗 http://securityreason.com/securityalert/3810

🔗 http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite

関連する脆弱性情報

CVE-2005-433810.0

announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions befor...

CVE-2005-43377.5

The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before...

CVE-2005-42066.1

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote a...

CVE-2006-39146.0

Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitra...