API weaknesses discovered in Coursera’s popular learning platform
Security researchers at Checkmarx, an application security testing company, have published results on security risks found in Coursera’s popular learning platform. The firm alleges that Coursera’s APIs include a number of issues related to user/account enumeration, lack of resource limiting, and GraphQL misconfiguration.
In addition to these preliminary findings, Checkmarx also singled out Broken Object Level Authorization (BOLA) issues as being of particular concern. The BOLA issues could allow attackers to influence or alter a user’s preferences. It was also possible to affect user activity by changing recently viewed courses and credentials, which would change the courses offered to users.
Checkmarx highlights how common such mistakes are in the industry:
Unfortunately, authorization issues with APIs are quite common. It is important to centralize access control validation in a single, well and permanently tested, actively maintained component. New API endpoints, or changes to existing ones, should be carefully considered for their security requirements.
These issues were discovered in October 2020, and Checkmarx notes that Coursera was responsible for resolving these issues.
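To make the BOLA finding and the recommendation to centralize access control concrete, the following sketch is an added example, not code from Checkmarx or Coursera. It contrasts a preferences handler that trusts the object id in the request with one that goes through a single deny-by-default authorization component; all names and the sample data are hypothetical.

```python
# Added illustration; every name here is hypothetical, not Coursera's API.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not act on the requested object."""


@dataclass(frozen=True)
class Caller:
    user_id: str
    is_admin: bool = False


# Constructed sample data: preferences keyed by the owning user's id.
PREFERENCES = {
    "alice": {"language": "en", "recently_viewed": ["crypto-101"]},
    "bob": {"language": "fr", "recently_viewed": ["ml-intro"]},
}

# Central policy table: one rule per (resource, action). A missing entry is
# denied, so a new endpoint fails closed until its rule has been reviewed.
POLICY = {
    ("preferences", "read"): lambda c, owner: c.user_id == owner or c.is_admin,
    ("preferences", "write"): lambda c, owner: c.user_id == owner,
}


def authorize(caller, resource, action, owner_id):
    """Single choke point for object-level checks; returns None or raises."""
    rule = POLICY.get((resource, action))
    if rule is None or not rule(caller, owner_id):
        raise Forbidden(f"{caller.user_id} may not {action} {resource} of {owner_id}")


def update_preferences_vulnerable(caller, target_user_id, changes):
    # BOLA: the object id comes from the request and is never tied to the caller.
    PREFERENCES[target_user_id].update(changes)
    return PREFERENCES[target_user_id]


def update_preferences(caller, target_user_id, changes):
    # Hardened: ownership is checked centrally before the object is touched.
    authorize(caller, "preferences", "write", target_user_id)
    PREFERENCES[target_user_id].update(changes)
    return PREFERENCES[target_user_id]
```

Because every handler calls `authorize`, the policy table is the one place to test and review when an endpoint is added or changed.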