This Vulnerability in E-Learning Platform Moodle Could Even Modify Exam Results

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Critical Security Exploit in the popular e learning platform Moodle can be compromised that lets access to student data and test papers, the vulnerability can even modify exam results. The company is an open source e learning platform, used by 1,90,000 organizations across the world. Most of these organisations are educational institutes like college or university. A PHP objection vulnerability, the bug exists in Moodle’s Shibboleth authentication module, which can permit malicious hackers to use RCE (Remote Code Execution), which can lead to a complete takeover of the server. 
If this happens, the attacker can have access to anything on the server, like student data, passwords, messages and exam grades. Penetration testers Robin Peraglie and Johannes Moritz found the flaw, they were hunting bugs in Moodle because of the previous findings of 2 RCE vulnerabilities in Moodle software. 
According to them, the vulnerability only exists in the Moodle LMS server having Shibboleth sign-in authentication allowed. It is disabled by default, which is a relief to the educational institutions that use the module. But in case if it’s enabled, unauthorized hackers can perform a remote execution- arbitrary system commands. If this happens, it can lead to a complete hack of the server including user data leakage. Students can also use to it tamper with the exams before it actually happens. 
As per experts, the vulnerability is very easy to exploit. “After reporting the issue to Bugcrowd and, following a lengthy disclosure process, the flaw has now been patched. It took four months for the vulnerability to be triaged, revealed Moritz, who said he had the impression it was not treated

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: This Vulnerability in E-Learning Platform Moodle Could Even Modify Exam Results