[Original text] The login page in Blackboard Learning and Community Portal System in Academic Suite 22.214.171.1244, 126.96.36.199, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.
Blackboard Academic Suite login Routine encoded_pw Authentication Bypass
Remote / Network Access
Patch / RCS
The Learning and Community Portal System in Blackboard Academic Suite contains a flaw that may allow an attacker to bypass authentication. The issue is due to the login script not properly validating user-supplied input to the "encoded_pw" and "user_id" parameters.
Currently, there are no known workarounds or upgrades to correct this issue. However, Blackboard has released a patch to address this vulnerability.