CVE-2006-0511 - Vulnerability Details - OpenCVE

Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackboard	Blackboard Blackboard Academic Suite

Configuration 1 [-]

OR	cpe:2.3:a:blackboard:blackboard:5.0:::::::*
	cpe:2.3:a:blackboard:blackboard:5.0.2:::::::*
	cpe:2.3:a:blackboard:blackboard:5.5:::::::*
	cpe:2.3:a:blackboard:blackboard:5.5.1:::::::*
	cpe:2.3:a:blackboard:blackboard:6.0:::::::*
	cpe:2.3:a:blackboard:blackboard_academic_suite:6.0:::::::*

No data.

References

Link	Providers
http://www.osvdb.org/28023
http://www.securityfocus.com/archive/1/423654/100/0/threaded
http://www.securityfocus.com/archive/1/423686/100/0/threaded
http://www.securityfocus.com/archive/1/423778/100/0/threaded
http://www.securityfocus.com/bid/16438

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-01T23:00:00

Updated: 2024-08-07T16:41:27.677Z

Reserved: 2006-02-01T00:00:00

Link: CVE-2006-0511

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-02-01T23:02:00.000

Modified: 2024-11-21T00:06:37.963

Link: CVE-2006-0511

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that \"This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "16438", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16438"}, {"name": "20060202 Re: Blackboard Authentication Error", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"}, {"name": "20060201 Re: Blackboard Authentication Error", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"}, {"name": "20060201 Blackboard Authentication Error", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"}, {"name": "28023", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28023"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0511", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that \"This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "16438", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16438"}, {"name": "20060202 Re: Blackboard Authentication Error", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"}, {"name": "20060201 Re: Blackboard Authentication Error", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"}, {"name": "20060201 Blackboard Authentication Error", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"}, {"name": "28023", "refsource": "OSVDB", "url": "http://www.osvdb.org/28023"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:41:27.677Z"}, "title": "CVE Program Container", "references": [{"name": "16438", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16438"}, {"name": "20060202 Re: Blackboard Authentication Error", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"}, {"name": "20060201 Re: Blackboard Authentication Error", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"}, {"name": "20060201 Blackboard Authentication Error", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"}, {"name": "28023", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28023"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0511", "datePublished": "2006-02-01T23:00:00", "dateReserved": "2006-02-01T00:00:00", "dateUpdated": "2024-08-07T16:41:27.677Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackboard:blackboard:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6DC4593-108E-44F4-B322-805B6BC00A20", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:blackboard:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0DEC3208-A52A-483B-AB83-E766B581CB87", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:blackboard:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "CD6E7A85-D925-4463-AA18-2519973C0D60", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:blackboard:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D61778B-8CC7-4DED-B735-88A9F027388C", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:blackboard:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "34DEADE2-62A0-4FDC-8172-7726D8555DC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:blackboard_academic_suite:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C8E8CD2-26E7-48F1-960F-49992E94BA96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that \"This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."}], "id": "CVE-2006-0511", "lastModified": "2024-11-21T00:06:37.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-02-01T23:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.osvdb.org/28023"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16438"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}