TITLE:
Blackboard Learning and Community Portal Systems "frameset.jsp" Weakness

SECUNIA ADVISORY ID:
SA17991

VERIFY ADVISORY:
http://secunia.com/advisories/17991/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Blackboard Learning and Community Portal Systems 6
http://secunia.com/product/1002/

DESCRIPTION:
dr_insane has reported a weakness in Blackboard Learning and Community Portal Systems, which can potentially be exploited by malicious people to conduct phishing attacks.

The weakness is caused by a design error in the way Blackboard Learning and Community Portal Systems displays an unverified, user-supplied argument (url) in its own frameset after successful authentication. This can e.g. be exploited by tricking a user into following a link from an HTML document to the trusted login page with a malicious "TARGET" URL. After successful authentication, the untrusted (fake) site is displayed inside the frameset of the trusted site.

Example:
http://[host]/webapps/portal/frameset.jsp?tab_id=[tabid]&url=[url]

The weakness has been reported in versions 6.2.3.23 and 6.3.1.424. Other versions may also be affected.

SOLUTION:
Do not follow links from untrusted sites or emails.

PROVIDED AND/OR DISCOVERED BY:
dr_insane

ORIGINAL ADVISORY:
http://www.ipomonis.com/advisories.htm

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
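The server-side check the DESCRIPTION above implies is missing, as an added example that is not Blackboard's code: the frameset embeds the "url" argument only if it is a root-relative path or an http(s) URL on the portal's own host, and otherwise falls back to a default page. TRUSTED_HOST, DEFAULT_TARGET and the nav.jsp/tab.jsp paths are assumed values for the example.

```python
from html import escape
from urllib.parse import urlsplit, urlunsplit

# Assumed values for this example, not Blackboard's real configuration.
TRUSTED_HOST = "lms.example.edu"
DEFAULT_TARGET = "/webapps/portal/tab.jsp"


def safe_frame_target(url_param, trusted_host=TRUSTED_HOST):
    """Return a same-origin path for the frameset's content frame.

    The untrusted ``url`` argument is accepted only if it is a root-relative
    path or an http(s) URL on ``trusted_host``; anything else yields
    DEFAULT_TARGET, so the authenticated frameset never shows an off-site page.
    """
    if not url_param:
        return DEFAULT_TARGET
    candidate = url_param.strip()
    # Backslashes and control characters are rejected outright: browsers
    # normalise "\" to "/" in http URLs, so "/\host" behaves like "//host".
    if "\\" in candidate or any(ord(ch) < 0x20 for ch in candidate):
        return DEFAULT_TARGET
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only our own host over http(s).
        # Userinfo tricks ("trusted@other") are caught because hostname is the
        # part after the "@".
        if parts.scheme not in ("http", "https") or parts.hostname != trusted_host:
            return DEFAULT_TARGET
    elif not candidate.startswith("/") or candidate.startswith("//"):
        # Relative references must be root-relative with exactly one slash;
        # browsers resolve "///host" as a scheme-relative URL.
        return DEFAULT_TARGET
    # Re-emit only path and query, so the frame stays on this origin.
    return urlunsplit(("", "", parts.path or "/", parts.query, ""))


def frameset_html(tab_id, url_param):
    """Build the frameset with the validated target, attribute-escaped."""
    target = escape(safe_frame_target(url_param), quote=True)
    tab = escape(str(tab_id), quote=True)
    return (
        '<frameset rows="80,*">'
        f'<frame name="nav" src="/webapps/portal/nav.jsp?tab_id={tab}">'
        f'<frame name="content" src="{target}">'
        "</frameset>"
    )
```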