Armed Forces learning platform: security vulnerability fixed
Following a tip from a user, a gap in the Swiss Army's learning platform was closed together with the manufacturer.
At the end of February, a registered user reported a gap in the Swiss Armed Forces' Learning Management System (LMS) to the federal data protection office. The learning platform is available to members of the armed forces and federal employees for training, courses and virtual meetings.
The vulnerability made it possible, for example, to view mail addresses or personnel numbers of people registered in the LMS. According to the federal government, the operator has since initiated "immediate measures" together with the manufacturer to eliminate the vulnerability. The vulnerability was identified in the area of an interface between the old, still active learning platform and a new version of the user interface.
However, according to the federal government, the user was "only" able to detect the security leak due to his "functional knowledge". An evaluation of the accesses by the manufacturer has now shown that no unauthorized users had access to the data of other users. In order to better secure the LMS in the future, security tests will be carried out on an ongoing basis, the statement concludes.
Source: Media release of the Defense Group