Vulnerability Description
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blackboard | Blackboard Academic Suite | <= 7 |
Related Weaknesses (CWE)
References
- http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/Exploit
- http://securityreason.com/securityalert/3810
- http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-SuiteExploit
- http://www.securityfocus.com/archive/1/490096/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41935
- http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/Exploit
- http://securityreason.com/securityalert/3810
- http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-SuiteExploit
- http://www.securityfocus.com/archive/1/490096/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41935
FAQ
What is CVE-2008-1883?
CVE-2008-1883 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that s...
How severe is CVE-2008-1883?
CVE-2008-1883 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1883?
Check the references section above for vendor advisories and patch information. Affected products include: Blackboard Blackboard Academic Suite.