all InfoSec news
Edulog Parent Portal Products Improper Access Controls
Tenable Research Advisories www.tenable.com
Edulog’s Parent Portal and Parent Portal Lite services were affected by security-related issues regarding their authentication and access control implementations. These issues could have allowed a malicious actor to enumerate and access potentially sensitive information. This information includes, but is not limited to, data regarding students (most of whom are minors), their schools, parents, bus routes, GPS information, and proximity to given bus stops.
Normal operation of the frontend apps for these services …
access access control access controls actor authentication control controls data information malicious portal products security sensitive sensitive information services students