Checkmarx security team discover vulnerabilities in open-source online learning platform
February 2022 by Checkmarx
Checkmarx has released the findings that is has discovered vulnerabilities in an open-source online learning platform, developed and maintained by the Oppia Foundation which aims to offer free, engaging and effective equality education for everyone.
The vulnerabilities discovered by Checkmarx were critical given the possibility of there being a direct impact on data privacy by accessing victims’ accounts – attackers could easily get into the system, lure users to sign in to Oppia with a malicious URL to exfiltrate accessTokens, then impersonate the victim to access their personal data, learning progress, or create and publish content from the victim’s accounts.
Given the propensity for this vulnerability to impact user trust and company reputation, should it be exploited, Checkmarx notified Oppia immediately and worked with the company to address and mitigate the issues surrounding the vulnerability.