CVE-2006-0511 | Vulnerability Database | Aqua Security

Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.

Affected Software

Name	Vendor	Start Version	End Version
Blackboard	Blackboard	5.0 (including)	5.0 (including)
Blackboard	Blackboard	5.0.2 (including)	5.0.2 (including)
Blackboard	Blackboard	5.5 (including)	5.5 (including)
Blackboard	Blackboard	5.5.1 (including)	5.5.1 (including)
Blackboard	Blackboard	6.0 (including)	6.0 (including)
Blackboard_academic_suite	Blackboard	6.0 (including)	6.0 (including)

References

http://www.osvdb.org/28023
http://www.securityfocus.com/archive/1/423654/100/0/threaded
http://www.securityfocus.com/archive/1/423686/100/0/threaded
http://www.securityfocus.com/archive/1/423778/100/0/threaded
http://www.securityfocus.com/bid/16438
http://www.osvdb.org/28023
http://www.securityfocus.com/archive/1/423654/100/0/threaded
http://www.securityfocus.com/archive/1/423686/100/0/threaded
http://www.securityfocus.com/archive/1/423778/100/0/threaded
http://www.securityfocus.com/bid/16438

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0511
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html