
Hackers Compromise 62 Colleges via Campus ERP Platform

Hackers have managed to compromise 62 colleges and universities by exploiting a vulnerability in the Ellucian Banner system, the U.S. Department of Education warns.

The vulnerability resides in Banner Web Tailor, a tool designed for registration, curriculum management, advising, administration, and reporting. It allows students to access and change their registration, graduation, and financial aid information. Ellucian Banner Enterprise Identity Services is also impacted. 

Tracked as CVE-2019-8978, the issue is triggered when SSO Manager is used as the authentication mechanism for Web Tailor. This could result in information disclosure and loss of data integrity for the impacted users, Joshua Mulliken explains in an advisory.

The vulnerability was discovered in December 2018 and a patch has been available for a couple of months. Only Ellucian Banner Web Tailor versions 8.8.3 and 8.8.4, and Banner Enterprise Identity Services versions 8.3, 8.3.1, 8.3.2, and 8.4 are affected by the security flaw.

Attackers targeting the vulnerability can steal a victim’s session and then log into the Banner system. The attackers would then be able to perform various operations, depending on the administrative privileges granted to the affected account. 

“The Department has identified 62 colleges or universities that have been affected by exploitation of this vulnerability. We have also recently received information that indicates criminal elements have been actively scanning the internet looking for institutions to victimize through this vulnerability and developing lists of institutions for targeting with this exploitation,” the Department of Education warns.

Once the attackers gain access to the system, they leverage scripts in the admissions or enrollment sections to create multiple student accounts, the alert reads. 

Affected institutions reported the creation of at least 600 fake or fraudulent student accounts within a 24-hour period. Over the course of multiple days, the attackers created thousands of fake student accounts, some of which were leveraged almost immediately for criminal activity. 

“Although it was reported that attackers can leverage the vulnerability discussed above to create accounts, Ellucian believes this is not correct. The issue described in the alert is not believed to be related to the previously patched Ellucian Banner System vulnerability and is not exclusive to institutions using Ellucian products,” Ellucian claims.

The company notes that the attackers are utilizing bots to submit fraudulent admissions applications and to obtain institution email addresses through accessing application portals.
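An added example, not taken from the alert, the advisory or Ellucian: a sliding-window check that flags the kind of account-creation burst the Department of Education alert and Ellucian's note about bots describe. The log line format, field names and addresses are constructed assumptions; the default of 600 creations per 24 hours is the figure reported in the alert.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Assumed log line (constructed format, not Banner's own logging):
#   2019-07-17T02:00:00 account_created src=198.51.100.7 applicant=A000123
LINE_RE = re.compile(r"^(\S+) account_created src=(\S+) applicant=\S+$")

def parse_events(lines):
    """Yield (timestamp, source) per account-creation line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2)

def find_bursts(lines, window=timedelta(hours=24), threshold=600):
    """Alert once each time creations inside the window reach the threshold."""
    recent, alerts, in_burst = deque(), [], False
    for ts, src in sorted(parse_events(lines)):
        recent.append((ts, src))
        while recent[0][0] <= ts - window:      # drop events older than window
            recent.popleft()
        over = len(recent) >= threshold
        if over and not in_burst:               # report the crossing, not every event
            top = Counter(s for _, s in recent).most_common(2)
            alerts.append({"crossed_at": ts, "count": len(recent), "top_sources": top})
        in_burst = over
    return alerts

def constructed_sample():
    """Constructed data: 40 ordinary sign-ups over two days, then 650 in under 3 hours."""
    base, lines = datetime(2019, 7, 15), []
    for i in range(40):
        ts = base + timedelta(minutes=72 * i)
        lines.append(f"{ts.isoformat()} account_created src=192.0.2.{i % 20 + 1} applicant=A{i:06d}")
    start = base + timedelta(hours=50)
    for i in range(650):
        ts = start + timedelta(seconds=15 * i)
        src = ("198.51.100.7", "198.51.100.8")[i % 2]
        lines.append(f"{ts.isoformat()} account_created src={src} applicant=B{i:06d}")
    return lines

if __name__ == "__main__":
    for alert in find_bursts(constructed_sample()):
        print(alert)
```

The threshold and window are parameters because a normal admissions cycle at a large institution can legitimately exceed a fixed number; baseline them against the institution's own history before alerting on them.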

The company also notes that, while Banner Web Tailor 8.9 was also listed as affected by the vulnerability, it is not affected. Patches for the impacted software versions were released on May 14, 2019 and are included in all subsequent roll-up software releases, the company says. 

“There is no indication that student or institutional data has been compromised. The patched vulnerability is extremely difficult to exploit and unlikely to occur outside of a laboratory setting,” Ellucian says. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
