Vulnerability: Est. Millions of Users of Popular Educational Platform Exposed to Account Takeover Threats And More
A lot of universities have been attacked recently. Not all attacks are related to the Moodle vulnerability described in this report (e.g., all the Accellion-related university breaches), but the Moodle vulnerability worth noting and addressing if it applies to your uni. Chase Williams reports:
At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Anyone who had an account on a given school’s Moodle (with TeX filter enabled) could then take over students’ accounts, professors, and even the accounts managed by the platform administrators.
Moodle is an open-source educational platform used by 179,000 sites and has 242 million users. It allows universities to distribute content to students and teachers. It allows teachers to easily communicate with students, organize and post links, documents, assignments, quizzes, and grades.
Read more on Wizcase.