A significant security lapse on the student admissions website Ravenna Hub, which exposed the personal information of children and their families, has been fixed. The platform allows parents to apply and track their children's school applications across thousands of institutions. This vulnerability allowed any logged-in user to access sensitive data associated with other users, as reported by TechCrunch.The vulnerability, identified as an insecure direct object reference (IDOR), allowed any logged-in user to access another student's data, including names, dates of birth, addresses, pictures and school details. Parent email addresses, phone numbers and sibling information were also exposed.The flaw stemmed from weak security controls, enabling users to access other profiles by altering sequential student identification numbers in the web address. VentureEd Solutions, the developer of Ravenna Hub, confirmed the issue was replicable and has since been addressed.Source: TechCrunch
Security Operations, Data Security, Vulnerability Management
Ravenna Hub fixes data exposure vulnerability affecting student information

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



