CVE-2006-0511

Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.

Published: Feb 2, 2006
Updated: Nov 8, 2023
CVE: CVE-2006-0511
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:L/AC:L/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
blackboard / blackboard	5.0.2	5.0.2.x
blackboard / blackboard	6.0	6.0.x
blackboard / blackboard	5.5	5.5.x
blackboard / blackboard	5.5.1	5.5.1.x
blackboard / blackboard	5.0	5.0.x
blackboard / blackboard_academic_suite	6.0	6.0.x

http://www.osvdb.org/28023
http://www.securityfocus.com/archive/1/423654/100/0/threaded
http://www.securityfocus.com/archive/1/423686/100/0/threaded
http://www.securityfocus.com/archive/1/423778/100/0/threaded
http://www.securityfocus.com/bid/16438

Vulnerability Database

290,206

CVE-2006-0511