To the entire #infosec and reverse engineering community.
There has been a huge issue concerning @ExamSoft and their website and application security over the past few weeks.
I welcome any and all of you to please take a look at this and evaluate it.
It appears concerning. https://twitter.com/ExamSoft/status/1311321042980425728
I have received several messages from many concerned people attempting to use the platform to take their tests.
I have also attempted to reach their security team to no avail.
Let me show everyone a serious and valid concern https://twitter.com/technologyatty/status/1311162739570610177?s=19
They also appear to process usernames and password requests in a concerning way.
This locked up their login system for several minutes vs any other username password combination.
Dear @ExamSoft
It is my professional opinion, as a recognized individual in cybersecurity, that you please reevaluate your website, application, and communication processes for the sake of security. Your users have genuine concerns.
Please address & fix them
Also @ExamSoft
if you need help in establishing security or advice on setting up a bug bounty program to help identify issues like these in a safe and less public manner.
Let me introduce you to my good friend @Bugcrowd