Lucene search

[email protected]NVD:CVE-2008-1883

HistoryApr 18, 2008 - 3:05 p.m.

CVE-2008-1883

2008-04-1815:05:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.013

Percentile

85.9%

JSON

The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.

Affected configurations

Nvd

Node

blackboardblackboard_academic_suiteRange≤7

VendorProductVersionCPE
blackboardblackboard_academic_suite*cpe:2.3:a:blackboard:blackboard_academic_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blackboard	blackboard_academic_suite	*	cpe:2.3:a:blackboard:blackboard_academic_suite::::::::

References

secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

securityreason.com/securityalert/3810

www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite

www.securityfocus.com/archive/1/490096/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/41935

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.013

Percentile

85.9%

JSON

Related for NVD:CVE-2008-1883

cvelist1 prion1 cve1