Blackboard Academic Suite login Routine encoded_pw Authentication Bypass

2005-12-10T10:42:32
ID: OSVDB:21616
Type: osvdb
Reporter: OSVDB
Modified: 2005-12-10T10:42:32

Description

Technical Description

According to the vendor, "this vulnerability only affects customers who are running our software using particular LDAP servers using specific settings."

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Blackboard has released a patch to address this vulnerability.

Manual Testing Notes

http://[target]/login/?action=login&encoded_pw=/&user_id=[arbitrary_user]

References:

Vendor URL: http://www.blackboard.com/
Secunia Advisory ID: 17991
Related OSVDB ID: 21619
Related OSVDB ID: 21618
Related OSVDB ID: 21617
Other Advisory URL: http://www.ipomonis.com/advisories/Bb_6.zip
Keyword: KB 181-2690
CVE-2005-4337