35 Vulnerabilities Discovered in Open Source Software: Hacker Contest Successfully Concluded

23 March 2022

In the winter semester 2021/2022, the popular course "Hacker Contest" was again held at the Technical University (TU) Darmstadt. This year, the event was led by Matthias Göhring, Head of usd HeroLab, and Tobias Hamann, Consultant IT Security at usd HeroLab. In the Hacker Contest, students work on IT security topics in a practice-oriented manner. For this purpose, usd HeroLab provides a controlled environment, its PentestLab, in which the participants can practice searching for vulnerabilities, try out tools and attack methods for networks and systems, and apply appropriate protective measures.

In the course of this year's practical assignment, the students searched for vulnerabilities in various open source software projects. They were able to find a total of 35 vulnerabilities and report them to the developers in compliance with the Responsible Disclosure principle (analogous to the usd Responsible Disclosure Policy).

"As expected, the developers' reactions were mixed," reports Matthias Göhring. "However, we are very pleased that some explicitly thanked us for the report and also fixed the vulnerabilities promptly. The students have made a valuable contribution to the open source community and to more secure software. I think that's really something to be proud of!"

Tobias Hamann is particularly happy about the great commitment of the participants: "Our Hacker Contest is a demanding class - we are aware of that. We are all the happier about the great motivation with which the students participate each time. And about the positive reactions: The practical relevance and our PentestLab as a training environment are praised year after year. A big thank you once again to all participants. We are already looking forward to next semester!"
