CVE-2008-1883 - OpenCVE

The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Blackboard	Blackboard Academic Suite

Configuration 1 [-]

cpe:2.3:a:blackboard:blackboard_academic_suite:*:*:*:*:*:*:*:*

References

Link	Resource
http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/	Exploit
http://securityreason.com/securityalert/3810
http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite	Exploit
http://www.securityfocus.com/archive/1/490096/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/41935

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-18T15:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-04-18T00:00:00

Link: CVE-2008-1883

JSON object: View

NVD Information

Status : Modified

Published: 2008-04-18T15:05:00.000

Modified: 2018-10-11T20:37:42.590

Link: CVE-2008-1883

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-26T00:00:00", "descriptions": [{"lang": "en", "value": "The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"}, {"name": "3810", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3810"}, {"tags": ["x_refsource_MISC"], "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"}, {"name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"}, {"name": "blackboard-client-information-disclosure(41935)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41935"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1883", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite", "refsource": "MISC", "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"}, {"name": "3810", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3810"}, {"name": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/", "refsource": "MISC", "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"}, {"name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"}, {"name": "blackboard-client-information-disclosure(41935)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41935"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1883", "datePublished": "2008-04-18T15:00:00", "dateReserved": "2008-04-18T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackboard:blackboard_academic_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "09F45424-8CE2-4AAA-81BA-393B023DC328", "versionEndIncluding": "7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string."}, {"lang": "es", "value": "El servidor en Blackboard Academic Suite 7.x almacena hashes de contrase\u00f1as MD5 que son proporcionadas directamente por clientes, lo que facilita a atacantes remotos el acceso a cuentas a trav\u00e9s de un cliente modificado que salta el c\u00e1lculo hash javascript/md5.js y en vez de eso env\u00eda una cadena MD5 cualquiera."}], "id": "CVE-2008-1883", "lastModified": "2018-10-11T20:37:42.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-04-18T15:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3810"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41935"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}