Tag Archives: OKUSON

Security and Privacy of University Grades - Part 2: Security [Updated]

Having talked about the privacy of university grades, I now want to talk a bit about the security of university grades and present a vulnerability in a frequently used piece of software.

Security of University Grades

Many of my professors in the Mathematical Institute, and also many professors at other universities, use OKUSON to publish, manage, and grade homework assignments. OKUSON is open source software written in Python which provides a complete web server and was made at RWTH Aachen. Back in mid 2013 I screened the source code and was not amused at first, because the coding style was what I would consider *not so good* (the software mainly consists of one file containing ~4000 lines of code with few comments). However, my amusement rose after a while when I found the first vulnerability.

Have a quick look at the relevant code: