student data

Java Architect Essentials

Feb 21, 2024 · Information Security

Student Information Leakage via Unauthenticated API in a University System

The article details a security case where an unauthenticated university API allowed an attacker to enumerate and download thousands of students' personal data by manipulating pagination parameters after discovering default credentials from a leaked PDF.