Educause Security Discussion mailing list archives
0-days reported in Blackboard
From: Steve Werby <steve.werby () UTSA EDU>
Date: Fri, 16 Sep 2011 22:00:20 -0500
Zero-day holes found in the Blackboard learning platform
http://www.scmagazine.com.au/News/272215,millions-of-student-exams-tests-and-data-exposed.aspx

Multiple zero-day security vulnerabilities have been found in the world's most popular educational software - holes that allow students to change grades and download unpublished exams, whilst allowing criminals to steal personal information...The problems relate to default configuration and web application vulnerabilities present in all versions of the Blackboard Learn system....the vulnerabilities would remain unpatched until the first service pack update is delivered prior to the end of the year...the issue was initially logged (in July) to our client support team...We issued a support bulletin to Blackboard Learn clients today after completing our review of the issues.

It's not surprising that Blackboard is continuing down their old path concerning the handling of vulnerabilities. Is anyone familiar with the details and able to share them? Can anyone share the support bulletin? If any of you have implemented compensating controls, can you share what steps you took?

--
Steve Werby
Information Security Officer
The University of Texas at San Antonio