10th July 2021, Kathmandu
The difficulty APIs involve numerous uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) emerges and displays secret data and information.
Coursera is an online learning platform it is used by 82 million learners, hundreds of Fortune 500 companies. The Researcher is finding several application programming interfaces (API) emerge in Coursera. The Checkmarx Security Research Team published on Thursday for finding a report, add the user and account enumeration, changed password features, GraphQL misconfiguration, and the whopper of them all: a Broken Object Level Authorization (BOLA) issue that influenced users’ preferences. BOLA is at the cap of OWASP’s.
The list of top 10 security issues given how simply these issues are to exploit and how tough it is to defend against the threat “in a systematized way.”
Coursera BOLA issue, “anonymous users” could recoup, and exchange, user preferences, in accordance to the report, written by security researcher Paulo Silva. A few user preferences, such as recently viewed courses and certifications, also leaked some metadata: for example, activity date and time.