CVE-2008-1883

Name of the Vulnerable Software and Affected Versions Blackboard Academic Suite versions 7.x

Description The issue allows remote attackers to access accounts more easily by modifying the client to skip the javascript/md5.js hash calculation and send an arbitrary MD5 string instead. This is because the server stores MD5 password hashes provided directly by clients.

Recommendations For Blackboard Academic Suite versions 7.x, consider disabling the direct acceptance of MD5 password hashes from clients as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.