GUnet Open eClass CVE-2020-24381

CVE-2020-24381
GUnet Open eClass Platform (aka openeclass) through 3.9.2 might allow remote attackers to read students’ submitted assessments because it does not ensure that the web server blocks directory listings.
NOTE: this is disputed because it only affects misconfigured installations.

——————————————

[Additional Information]
Improper Access Control by Directory Listing misconfiguration in GUnet Open eClass allows remote unauthenticated users to view submitted assessments of students.

This vulnerability exists only in misconfigured installations although I have found a dozen installations vulnerable on Greek institutions at the time of discovery. This issue might seem of little importance at first, but given the fact that during covid19 quarantine many institutions used eClass as a solution for online remote exams, it poses a huge impact on confidentiality of private and sensitive data.
It does not only expose students’ personal data (name, surname, email, student ID, even photos with gov or academic ID used for proof of identity) but also exposes private semester assessments, unreleased exam subjects and submitted answers resulting in compromising the integrity of the whole examination process.
——————————————

[Vulnerability Type]
Incorrect Access Control

——————————————

[Vendor of Product]
GUnet (Greek Academic Network)

——————————————

[Affected Product Code Base]
https://github.com/gunet/openeclass/ – All versions as well as the latest stable (3.9.2) are affected

——————————————

[Attack Type]
Remote – Unauthenticated

——————————————

[Impact Information Disclosure]
True

——————————————

[PoC]

Course link example
https://127.0.0.1/courses/CS101
Add “work” directory at the end
https://127.0.0.1/courses/CS101/work/

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[Reference]

 

https://github.com/gunet/openeclass/commits/master
https://github.com/gunet/openeclass/issues/39

Original post:

GUnet Open eClass E-learning platform <=1.7.3 – Multiple Vulnerabilities