Missing Authentication In IDAttend’s IDWeb Application
Description
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authentication in IDAttend's IDWeb GetAssignmentsDue method allows unauthenticated attackers to extract sensitive student and teacher data.
Vulnerability
Missing authentication in the GetAssignmentsDue method of IDAttend's IDWeb application versions 3.1.052 and earlier (including 3.1.013 as identified in the advisory [1]) allows unauthenticated access to sensitive student and teacher data.
Exploitation
An unauthenticated attacker can craft a request to the GetAssignmentsDue endpoint without providing any credentials or session token. Because the method lacks an authentication check, the attacker retrieves the sensitive data directly [1].
Impact
Successful exploitation results in the disclosure of sensitive student and teacher information, such as assignment details and potentially personal data. This is a breach of confidentiality [1].
Mitigation
The vulnerability is fixed in IDWeb version 3.1.053 [1]. Users should upgrade to this version or later to remediate the issue. No workarounds are documented in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- IDAttend Pty Ltd/IDWebv5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.