• This top online learning platform had some serious security flaws

    From TechnologyDaily@1337:1/100 to All on Fri Jul 9 14:45:04 2021

    Date:
    Fri, 09 Jul 2021 13:31:41 +0000

    Description:
    The API access control issue in Coursera could be used for some devious purposes.

    FULL STORY ======================================================================

    Cybersecurity researchers have discovered an API vulnerability in Coursera that could have been abused to read and manipulate a user's recent activity.

    Coursera is one of the most popular online learning platforms around,
    claiming to be used by over 82 million people globally.

    However, analysis by security specialists Checkmarx discovered multiple API issues on Coursera, including a Broken Object Level Authorization (BOLA) issue that affected a user's preferences.

    "This vulnerability could have been abused to understand general users' courses preferences at a large scale, but also to somehow bias users' choices, since manipulating their recent activity affected the content rendered on Coursera's homepage for a specific user," wrote Erez Yalon, Head of Security Research at Checkmarx.

    Authorization issue

    Explaining the issue, Yalon writes that, posing as regular users, the Checkmarx researchers were able to request various preference data of
    other users by modifying the GET API requests.

    They then further fine-tuned their method to demonstrate that even anonymous users wouldn't have any issues in accessing the preferences of any registered user.

    Critically, however, they built upon the vulnerability to successfully modify any user's preferences.

    Noting that authorization issues are quite common with APIs, Yalon says that API access control issues are one of the biggest security challenges.

    "It is very important to centralize access control validations in a single, well and continuously tested and actively maintained component," concludes Yalon, noting that Coursera has resolved the issues after they were
    responsibly disclosed by Checkmarx.



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-top-online-learning-platform-had-some-serious-security-flaws/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
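
The BOLA pattern and the centralized access control check described in the story, as an added example that is not part of the article and is not Coursera's or Checkmarx's code. Every name here (PREFS, Principal, authorize, the action strings) is hypothetical and the sample data is constructed.

```python
# Added illustration: hypothetical names and constructed data, not Coursera's API.
from dataclasses import dataclass
from typing import Optional

PREFS = {  # constructed in-memory store: user_id -> preferences
    "u1": {"recent_courses": ["crypto-101"]},
    "u2": {"recent_courses": ["ml-intro"]},
}

@dataclass(frozen=True)
class Principal:
    user_id: str  # identity taken from the verified session, never from the URL

class Forbidden(Exception):
    pass

# BOLA pattern: the object id arrives in the request and is never compared
# with the caller, so any caller (even an anonymous one) reads any record.
def get_prefs_vulnerable(caller: Optional[Principal], target_user_id: str) -> dict:
    return PREFS[target_user_id]

# Centralized check: one function answers every (caller, action, owner)
# question, so read and write handlers cannot drift apart.
def authorize(caller: Optional[Principal], action: str, owner_id: str) -> None:
    if caller is None:
        raise Forbidden("authentication required")
    if action not in {"prefs:read", "prefs:write"}:
        raise Forbidden(f"unknown action {action!r}")  # deny by default
    if caller.user_id != owner_id:
        raise Forbidden(f"{caller.user_id} may not {action} for {owner_id}")

def get_prefs(caller: Optional[Principal], target_user_id: str) -> dict:
    authorize(caller, "prefs:read", target_user_id)
    return PREFS[target_user_id]

def set_prefs(caller: Optional[Principal], target_user_id: str, new_prefs: dict) -> None:
    authorize(caller, "prefs:write", target_user_id)
    PREFS[target_user_id] = dict(new_prefs)

def attempt(fn, *args) -> str:
    """Run a handler and report 'ok' or 'denied' (for regression tests)."""
    try:
        fn(*args)
        return "ok"
    except Forbidden:
        return "denied"
```

Calls such as `attempt(get_prefs, None, "u2")` belong in a regression suite so that the anonymous and cross-user cases stay denied for both the read and the write path.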