漏洞标题
N/A
漏洞描述信息
在Blackboard Academic Suite 7.x中,服务器存储了客户端直接提供的原始MD5密码哈希值,这使得远程攻击者更容易通过修改后的客户端访问账户,该客户端跳过了javascript/md5.js哈希计算,而是发送任意的MD5字符串。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
blackboard academic suite javascript/md5.js 授权问题漏洞
漏洞描述信息
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes Blackboard Academic Suite 7.x stores MD5中的服务器储存直接由客户机程序提供的密码杂乱信息,远程攻击者通过javascript/md5.js杂乱信息计算并发送一个任意MDstring的修改过的客户机程序来访问任意帐号。
CVSS信息
N/A
漏洞类别
授权问题