CVE-2008-1883
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
18/04/2008
Last modified:
09/04/2025
Description
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:blackboard:blackboard_academic_suite:*:*:*:*:*:*:*:* | 7 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/
- http://securityreason.com/securityalert/3810
- http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite
- http://www.securityfocus.com/archive/1/490096/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41935
- http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/
- http://securityreason.com/securityalert/3810
- http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite
- http://www.securityfocus.com/archive/1/490096/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41935