Coursera Flunks API Security Test in Researchers’ Exam

2021-07-08 18:29

Coursera states, in its Vulnerability Disclosure Program, that access control issues are a security concern.

API leaks are not uncommon and have been main contributors to major security issues.

Seventy-seven percent of them contained hardcoded API keys - some of which don't expire - that would allow an attacker to intercept API exchange of information.

In his writeup, Silva confirmed that API access control issues are "One of the biggest security problems facing APIs.".

By May 24, 2021, Coursera had resolved all the API issues, including a new one that Checkmarx found and reported in January.

A Coursera spokesperson told Threatpost that "The privacy and security of learners on Coursera is a top priority. We're grateful to Checkmarx for bringing the low-risk API-related issues - which did not expose any personal data of learners, customers, or partners - to the attention of our security team last year, who were able to promptly address and resolve the issues."

News URL

https://threatpost.com/coursera-flunks-api-security-test-in-researchers-exam/167630/

#API #researcher #security #test

News URL

Related news