On the site org.mephi.ru, which is used for the Olympiad MEPI, critical vulnerabilities have been found, allowing interested parties to get prepared tasks in advance, access to sessions, to the personal data of participants, change the answers and make many other actions.
In myth immediately after finding problems, we decided to close the site to eliminate the errors found and other flaws in the system. Due to the limitations associated with coronavirus infection, in 2021, the physico-mathematical Olympiad of schoolchildren in MIII decided to spend online. Successful participation in it allows high school students without entrance examinations to enter the university.
On the official website, which is used to conduct the MEPh Olympiad, several critical vulnerabilities of the SQL code and cross-site scripting (XSS) were found at once. Using the exploit allows hackers to change the results and access confidential information literally in a few seconds.
Information security experts note that the presence of such vulnerabilities allows you to spend a successful cyberatak to the site org.mephi.ru for a few seconds - hakra need only to change three characters in the code, which will allow access to the personal information of the participants, to the prepared tasks.
The information security service of MEPI has already received all the necessary information about the vulnerabilities detected. The university followed the problem as follows: "University's profile services promptly responded to reports of vulnerabilities. The site was temporarily closed to fulfill all the necessary corrections. "
Alexey Drozd, Head of the Information Security Department of SearchInform, said: "When creating websites and mobile applications, security issues, unfortunately, often move into the background, because customers are interested in the appearance and functionality of solutions for which they pay. Of course, now there is no point in mass exploit found vulnerabilities on the MEPhI website, so the university because of this security incident will suffer only image losses. "
More interesting material on cisoclub.ru. Subscribe to us: Facebook | Vk | Twitter | Instagram | Telegram | Zen | Messenger | Icq new | YouTube | Pulse.