Monthly archive

Syndicate

Not a fan of RSS, but still want to know when new incidents appear on ESI? Subscribe to e-mail alerts, powered by FeedBurner

Let Us Know

Know of an incident not listed here? Find a mistake in one of the incidents? Have a comment or recommendation for the editors? Let us know by using the Contact Us form.

Degree Auditing System Security Lapse Makes University of Oregon GPAs Visible Online

Submitted by Adam Dodge on Sun, 2009-08-02 17:30

Quick Facts

Date: 8/2/2009
Institution: University of Oregon
Type of Incident: Unauthorized Disclosure
Number Affected: 20
Source: DataBreaches.net
Abstract Source: Oregon Daily Emerald

Abstract
The University of Oregon quickly fixed a security hole in the university's degree auditing system, DuckWeb. The hole, discovered by Daniel Bachhuber a University of Oregon student, allowed DuckWeb users to access other student educational records by slightly changing the printer friendly view URL. According to University of Oregon Registrar Sue Eveland, the security hole would only have allowed access to around 20 student records. The information contained in the DuckWeb records vulnerable did not contain any Social Security numbers. According to Eveland, the only person to exploit the security hole was Bachhuber and this was the first time the university was made aware of the problem.

Printer-friendly version

Copyright (c) 2010 Adam Dodge unless otherwise noted. This work is the intellectual property of the author (unless otherwise noted) and all rights are reserved. Permission is granted for this material to be shared for noncommercial, educational purposes, provided that the material appears unaltered and credit is given to the author. To disseminate otherwise or to republish requires written permission from the author.

Educational Security Incidents (ESI)

Secondary links

Reports

Categories

Monthly archive

Syndicate

Let Us Know

Degree Auditing System Security Lapse Makes University of Oregon GPAs Visible Online