Security Operations, Data Security, Vulnerability Management

Ravenna Hub fixes data exposure vulnerability affecting student information

concept of leaky software, data with a tap sticking out.3d illustration

A significant security lapse on the student admissions website Ravenna Hub, which exposed the personal information of children and their families, has been fixed. The platform allows parents to apply and track their children's school applications across thousands of institutions. This vulnerability allowed any logged-in user to access sensitive data associated with other users, as reported by TechCrunch.

The vulnerability, identified as an insecure direct object reference (IDOR), allowed any logged-in user to access another student's data, including names, dates of birth, addresses, pictures and school details. Parent email addresses, phone numbers and sibling information were also exposed.

The flaw stemmed from weak security controls, enabling users to access other profiles by altering sequential student identification numbers in the web address. VentureEd Solutions, the developer of Ravenna Hub, confirmed the issue was replicable and has since been addressed.

Source: TechCrunch

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds