Blackboard security research paper has been released

by Michiel on October 29

Our Blackboard security research paper, as described in an earlier blog post, has been published on the Dutch IT news website Webwereld. The paper can be downloaded instantly from our website.

During the research on Blackboard Academic Suite we found 84 different vulnerabilities. Students can hack into Blackboard easily by exploiting these vulnerabilities. In most situations universities won’t even notice they’ve been compromised. Due to the use of single sign-on systems, examination results can be modified or, in the worst case, a student can graduate effortlessly.

The research was performed on Blackboard release 8, still one of the most used versions. Currently the most up-to-date version is release 9.1. Blackboard has made some progress with version 9.1, but there’s still a long way to go.

Due to the impact of a full disclosure, we’ve decided not to provide any technical details about the vulnerabilities, such as how to exploit them. The technical details could be used as a guide to write your own virus, for example to steal login credentials from Blackboard users. Maybe we’ll release a full disclosure next year in cooperation with some universities using Blackboard.

Interested in the risks of using Blackboard? Download our paper here.

Written by Michiel Prins

Has a strong focus on web applications and the security side effects of using modern web browser features. Loves challenges and the internal Online24 ‘hackathons’.
