Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2006-0511
Last Modified 05 Sep 2008 04:59:28
Published 01 Feb 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-0511

Summary

** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."

Vulnerable Systems

Application

  • Blackboard 5.0

  • Blackboard 5.0.2

  • Blackboard 5.5

  • Blackboard 5.5.1

  • Blackboard 6.0

  • Blackboard Academic Suite 6.0


References

BID - 16438

BUGTRAQ - 20060202 Re: Blackboard Authentication Error

BUGTRAQ - 20060201 Blackboard Authentication Error

BUGTRAQ - 20060201 Re: Blackboard Authentication Error

OSVDB - 28023


Last Updated: 27 May 2016 10:41:40