
Blackboard Authentication Error



Hello,

Here at my university we use Blackboard as the chosen tool for having online 
class websites, grading, chatrooms, announcements, quizzing, etc., in a 
convenient fashion.

Blackboard works alongside our Kerberos authentication to be sure that the 
person who is accessing the information is the correct one.

Tonight I discovered that there is a way that Blackboard fails in doing this.  
When Blackboard has been idle for so long (ten minutes or so, I think), it will 
de-authenticate you from accessing resources.  So, let's say I'm logged in as 
mrm5, I use it, then I walk away from the computer.  If someone comes up and 
tries to gain access to the still-up Blackboard site, after they click a link 
they will be prompted with a password entry screen.

This presumably means that in order to access mrm5's stuff, you need to enter 
mrm5's information.  But, instead, if you enter another user's information, 
such as ppq2, and enter the correct password for ppq2, you will now be logged 
in under mrm5's account instead of ppq2's, and able to do everything that mrm5 
could have if they were logged in, including changing personal information, 
"enrolling" in class, making posts on boards, taking quizzes, etc.

I have no idea and no way of checking to see if other universities are 
susceptible to the same problem, but either way this is something that 
needs to be fixed.

-jehnx/Josh
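
A minimal model of the re-authentication behaviour reported in the message above, with a handler that binds the unlock to the session owner beside it. This is an added example, not Blackboard's code and not part of the original post; the `Session` class, the function names, the sample passwords and the 600-second idle limit are assumptions made for illustration.

```python
import secrets

# Constructed sample credentials; a stand-in for the Kerberos check.
USERS = {"mrm5": "pw-mrm5", "ppq2": "pw-ppq2"}
IDLE_LIMIT = 600  # seconds (assumed; the post estimates about ten minutes)


class Session:
    def __init__(self, owner, now):
        self.sid = secrets.token_hex(16)
        self.owner = owner
        self.last_seen = now
        self.locked = False

    def touch(self, now):
        """Lock the session once idle past the limit; report if usable."""
        if now - self.last_seen > IDLE_LIMIT:
            self.locked = True
        if not self.locked:
            self.last_seen = now
        return not self.locked


def check_password(user, password):
    expected = USERS.get(user)
    return expected is not None and secrets.compare_digest(expected, password)


def reauth_flawed(session, user, password, now):
    """Models the reported behaviour: any valid login unlocks the session."""
    if check_password(user, password):
        session.locked = False
        session.last_seen = now
    return session  # owner is never compared with the user who logged in


def reauth_bound(session, user, password, now):
    """Unlock only for the session owner; anyone else gets a new session."""
    if not check_password(user, password):
        return session  # stays locked
    if user == session.owner:
        session.locked = False
        session.last_seen = now
        return session
    session.owner = None  # invalidate the abandoned session
    return Session(user, now)
```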