Vulnerability CVE-2006-0511


Published: 2006-02-01   Modified: 2012-02-12

Description:
** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."

Type:

CWE-Other

CVSS2 => (AV:L/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
6.4/10
3.1/10
Exploit range
Attack complexity
Authentication
Local
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Blackboard -> Blackboard 
Blackboard -> Blackboard academic suite 

 References:
http://www.securityfocus.com/archive/1/423654/100/0/threaded
http://www.securityfocus.com/archive/1/423686/100/0/threaded
http://www.securityfocus.com/archive/1/423778/100/0/threaded
http://www.securityfocus.com/bid/16438

Copyright 2024, cxsecurity.com

 

Back to Top