Never thought of but my collegue Arjen Vrielink notified me about it: why does a user in Blackboard not have to give his current password when changing it?

On any password protected system it is required to enter your current password when you want to change it (not only on Microsoft systems! Even on Unix systems…) but for some reason this isn’t implemented in the Blackboard system.

This seems a serious security leak to me. What if someone is logged on and leaves his computer for some reason. Anyone could change his/her password without having to know the current one!

This problem is not only related to Blackboard Learn 9 but also to the Blackboard Academic Suite 6, 7 and 8. I think that Blackboard needs to modify the Change Password page accordingly in all versions. Therefor I will open a case on Behind the Blackboard.

Will keep you up-to-date about this case!