Coursera API Flaws Revealed by Cybersecurity Experts

This article has been indexed from Softpedia News / Security

Several security flaws in the Coursera online learning platform have recently been revealed, according to ZDNet. A significant vulnerability, a Broken Object Level Authorization (BOLA) issue, was present in the vulnerable APIs and could have exposed sensitive information.

Due to the popularity of Coursera, researchers decided to take a peek into its security practices. Access control is listed in the program as an in-scope security concern. This included accessing data that you were not authorized to see, data belonging to another student, and being able to access the backend administrative systems.

Checkmarx discovered a number of API issues, including a REST API, a listing via password reset function error, resource constraints linked to both a GraphQL and a GraphQL misconfiguration, amongst other difficult…
