IBL News | New York
Three researchers discovered multiple security failings in the Coursera platform, used by 82 million learners and hundreds of Fortune 500 companies.
Coursera’s tech team fixed the vulnerabilities, which affected the platform’s API (Application Programming Interface), after the company was informed last year.
Yesterday, Thursday, July 8, the Checkmarx Security Research Team published a report on its findings.
“Through our research, we discovered multiple API issues, such as user/account enumeration via the reset password feature, lack of resources limiting on both a GraphQL and REST API, and a GraphQL misconfiguration,” wrote Erez Yalon, Head of the Security Research Group at Checkmarx.
“But specifically, the Broken Object Level Authorization (BOLA) issue we found perfectly fits Coursera’s access control concerns,” he added.
OWASP considers the main issue, a Broken Object Level Authorization (BOLA) flaw, to be a major threat because of how easily it can be exploited.
APIs with BOLA flaws may expose endpoints that handle object identifiers, potentially opening the door to wider attacks.
“This vulnerability could have been abused to understand general users’ courses preferences at a large scale, but also to somehow bias users’ choices, since manipulating their recent activity affected the content rendered on Coursera’s homepage for a specific user,” Erez Yalon stated.
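The object-level check whose absence defines BOLA, shown on a recent-activity update like the one described above. This is an added example, not code from Coursera or from the Checkmarx report; the in-memory store, the `Session` type and all function names are hypothetical.

```python
# Hypothetical in-memory API, constructed for illustration; not Coursera's code.
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the caller may not act on the requested object."""

@dataclass
class Session:
    user_id: int            # identity set server-side by authentication
    is_admin: bool = False

# Constructed sample data: recent-activity lists keyed by the owning user id.
RECENT_ACTIVITY = {101: ["python-basics"], 202: ["intro-to-crypto"]}
DENIED = []                 # (caller id, target id) pairs kept for detection

def set_recent_activity_vulnerable(session, target_user_id, courses):
    """BOLA: the caller is authenticated, but the object id is trusted as sent."""
    if session is None:
        raise Forbidden("authentication required")
    RECENT_ACTIVITY[target_user_id] = list(courses)   # no ownership check
    return RECENT_ACTIVITY[target_user_id]

def authorize_object(session, owner_id):
    """Object-level check: the caller must own the object or be an admin."""
    if session is None:
        raise Forbidden("authentication required")
    if session.user_id != owner_id and not session.is_admin:
        # Record the mismatch; many of these from one session suggest id probing.
        DENIED.append((session.user_id, owner_id))
        raise Forbidden("caller does not own this object")

def set_recent_activity_hardened(session, target_user_id, courses):
    """Same operation, with authorization evaluated per object on every call."""
    # Authorizing before any lookup gives the same answer for existing and
    # non-existing foreign ids, so the endpoint is not an enumeration oracle.
    authorize_object(session, target_user_id)
    RECENT_ACTIVITY[target_user_id] = list(courses)
    return RECENT_ACTIVITY[target_user_id]

if __name__ == "__main__":
    alice = Session(user_id=101)
    print(set_recent_activity_hardened(alice, 101, ["ml-foundations"]))
    try:
        set_recent_activity_hardened(alice, 202, ["injected-course"])
    except Forbidden as exc:
        print("denied:", exc, DENIED)
```
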
Meanwhile, Coursera told ZDNet that “the privacy and security of learners on Coursera is a top priority.” “We’re grateful to Checkmarx for bringing the low-risk API-related issues to the attention of our security team last year, who were able to address and resolve the issues promptly.”