35 Vulnerabilities Discovered in Open Source Software: Hacker Contest Successfully Concluded

23 March 2022

In the winter semester 2021/2022, the popular course "Hacker Contest" was again held at the Technical University (TU) Darmstadt. This year, the event was led by Matthias Göhring, Head of usd HeroLab, and Tobias Hamann, Consultant IT Security at usd HeroLab. In the Hacker Contest, students work on IT security topics in a practice-oriented manner. For this purpose, usd HeroLab provides a controlled environment, its PentestLab, in which the participants can practice searching for vulnerabilities, try out tools and attack methods for networks and systems, and apply appropriate protective measures.

In the course of this year's practical assignment, the students searched for vulnerabilities in various open source software projects. They were able to find a total of 35 vulnerabilities and report them to the developers in compliance with the Responsible Disclosure principle (analogous to the usd Responsible Disclosure Policy).

"As expected, the developers' reactions were mixed," reports Matthias Göhring. "However, we are very pleased that some explicitly thanked us for the report and also fixed the vulnerabilities promptly. The students have made a valuable contribution to the open source community and to more secure software. I think that's really something to be proud of!"

Tobias Hamann is particularly happy about the great commitment of the participants: "Our Hacker Contest is a demanding class - we are aware of that. We are all the happier about the great motivation with which the students participate each time. And about the positive reactions: The practical relevance and our PentestLab as a training environment are praised year after year. A big thank you once again to all participants. We are already looking forward to next semester!"
