CVE-2014-2989

Name of the Vulnerable Software and Affected Versions Open Assessment Technologies TAO version 2.5.6

Description A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a request to "Users/add".

Recommendations For Open Assessment Technologies TAO version 2.5.6, consider disabling the account creation functionality until a patch is available to prevent exploitation. Restrict access to the "Users/add" endpoint to minimize the risk of unauthorized administrative account creation.