6.8

CVE-2008-1883

Exploit

EPSS 0.61%
Veröffentlicht 18.04.2008 15:05:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Blackboard ≫ Blackboard Academic Suite Version <= 7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.61%	0.673

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

Exploit

http://securityreason.com/securityalert/3810

http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite

Exploit

http://www.securityfocus.com/archive/1/490096/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/41935

https://nvd.nist.gov/vuln/detail/CVE-2008-1883

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1883

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1883

EUVD