Smile On Fridays secured coverage in The Daily Swig for Tenable
Online learning platform TCExam marked down for weak web security
If successfully exploited, an unauthenticated, remote attacker could gain administrative access to the organization’s computer-based assessment – or ‘e-exam’ – system.
This, in turn, would open to door to all manner of exploits including allowing a student (or other malicious actor) to view or change the grades of other students, up to and including the possibility of changing admin login details.
The flaws were uncovered by security researchers at Tenable who disclosed their findings to TCExam, which has resolved the problems with the latest version of its software.