Get a Pentest and security assessment of your IT network.

News

API Crash Course: Broken Object Level Authorization Found in Coursera

The Checkmarx Security Research Team analyzed the security posture of Coursera in accordance with the companys Vulnerability Disclosure Program. The BOLA API vulnerability our team discovered affected the users preferences. Even anonymous users were not only able to retrieve their preferences, but also change them. This vulnerability could have been abused to understand general users’ courses preferences at a large scale, since manipulating their recent activity affected the content rendered on the homepage for a specific user. The vulnerability could also be abused to somehow bias users’ choices.”]

Source: https://checkmarx.com/blog/api-crash-course-broken-object-level-authorization-found-in-coursera/

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Take note, next week update Adobe Reader and Acrobat to fix critical flaws

News

Linux bug leaves 1.4 billion Android users vulnerable to hijacking attacks