Blog | G5 Cyber Security

API Crash Course: Broken Object Level Authorization Found in Coursera

The Checkmarx Security Research Team analyzed the security posture of Coursera in accordance with the companys Vulnerability Disclosure Program. The BOLA API vulnerability our team discovered affected the users preferences. Even anonymous users were not only able to retrieve their preferences, but also change them. This vulnerability could have been abused to understand general users’ courses preferences at a large scale, since manipulating their recent activity affected the content rendered on the homepage for a specific user. The vulnerability could also be abused to somehow bias users’ choices.”]

Source: https://checkmarx.com/blog/api-crash-course-broken-object-level-authorization-found-in-coursera/

Exit mobile version