CVE-2026-30707
Status: Received - Intake
Broken Access Control in SpeedExam ASP.NET Exposes Answer Keys

Publication date: 2026-03-17

Last updated on: 2026-03-24

Assigner: MITRE

Description
An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key. The provider states that this issue is "Fixed in [02/2026] backend service update."
Meta Information
Published: 2026-03-17
Last Modified: 2026-03-24
Generated: 2026-05-07
AI Q&A: 2026-03-17
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor      Product                     Version / Range
speedexam   online_examination_system   from FEV2026 (exclusive)
speedexam   speedexam                   from FEV2026 (exclusive)
CWE
CWE-284 (Improper Access Control): The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-30707 is a Broken Access Control vulnerability in the SpeedExam Online Examination System. The server-side method ReviewAnswerDetails does not verify whether the calling user is entitled to review the exam, or whether that user has actually completed it, before returning answer details.

Authenticated attackers can bypass the client-side restrictions and invoke the method directly as an ASP.NET AJAX PageMethod, retrieving the full answer key for exams they have not legitimately completed. A PageMethod is a public static method on the page class marked [WebMethod]; once the page's ScriptManager has EnablePageMethods turned on, the browser can reach it with a JSON POST to <page>.aspx/ReviewAnswerDetails regardless of which buttons the page renders.

The root cause is that the server trusts the client request without validating user permissions or exam state, combined with security by obscurity: the review buttons are hidden in the UI, but the underlying endpoint remains callable.


How can this vulnerability impact me?

This vulnerability can severely impact the integrity of the examination process by allowing unauthorized users to obtain correct answers without taking the exam.

  • Attackers can extract full answer keys and accepted correct responses for multiple-choice and text input questions.
  • It compromises the fairness and trustworthiness of the exam system, potentially invalidating exam results.
  • Organizations relying on SpeedExam for assessments may face reputational damage and loss of confidence in their certification or evaluation processes.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by analysing the application's client-side JavaScript and network traffic to identify exposed ASP.NET AJAX PageMethods, in particular the ReviewAnswerDetails method.

Using the browser console, you can call PageMethods.ExamQuestionAnswerDetails to retrieve the exam's questions and their IDs, then script calls to the ReviewAnswerDetails PageMethod with each Question_id and check whether the server returns full answer details for an exam you have not completed.

  • Open the browser developer console and run `PageMethods.ExamQuestionAnswerDetails(callback)` to obtain the question IDs.
  • Iterate over the Question_id values and call `PageMethods.ReviewAnswerDetails(questionId, callback)`; if answers come back for an unfinished exam, the method is unprotected.
  • In the network tab or a saved .HAR file, PageMethod calls appear as POST requests to the page URL followed by the method name (<page>.aspx/ReviewAnswerDetails) with a JSON body; the .axd requests are the framework's ScriptResource handlers and only confirm that ASP.NET AJAX is in use. On the server side, the same POSTs in the IIS access logs show who called the method and how often.
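As an added example (not part of this advisory or the vendor's software), the following C# program applies the server-side half of that check to IIS access-log lines: it picks out successful POSTs to any page's ReviewAnswerDetails PageMethod and flags users who hit it in bursts, which is what a console loop over Question_id values looks like in the logs. The log lines, the /Exam/Review.aspx path and the reduced field layout are constructed for the example; adapt the field indices to your own #Fields header.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;

public static class ReviewAnswerDetailsScanner
{
    // Constructed IIS W3C lines (not real traffic). Field order follows the #Fields header;
    // the /Exam/Review.aspx page name is an assumption, not taken from the product.
    public const string SampleLog =
@"#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2026-03-10 09:00:01 POST /Exam/Review.aspx/ExamQuestionAnswerDetails alice 203.0.113.7 200
2026-03-10 09:00:02 POST /Exam/Review.aspx/ReviewAnswerDetails alice 203.0.113.7 200
2026-03-10 09:00:02 POST /Exam/Review.aspx/ReviewAnswerDetails alice 203.0.113.7 200
2026-03-10 09:00:03 POST /Exam/Review.aspx/ReviewAnswerDetails alice 203.0.113.7 200
2026-03-10 09:00:03 POST /Exam/Review.aspx/ReviewAnswerDetails alice 203.0.113.7 200
2026-03-10 09:00:04 POST /Exam/Review.aspx/ReviewAnswerDetails alice 203.0.113.7 200
2026-03-10 09:00:04 GET /ScriptResource.axd alice 203.0.113.7 200
2026-03-10 10:15:30 POST /Exam/Review.aspx/ReviewAnswerDetails bob 198.51.100.4 200
2026-03-10 10:17:02 POST /Exam/Review.aspx/ReviewAnswerDetails bob 198.51.100.4 200
2026-03-10 10:19:45 POST /Exam/Review.aspx/ReviewAnswerDetails bob 198.51.100.4 200";

    public sealed class Call
    {
        public DateTime Time;
        public string User;
        public string ClientIp;
    }

    // Keep only successful POSTs whose URI stem ends in the PageMethod name.
    // GETs for .axd script resources and other PageMethods are ignored.
    public static List<Call> ParseCalls(string log)
    {
        var calls = new List<Call>();
        foreach (var raw in log.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries))
        {
            if (raw.StartsWith("#")) continue;                 // #Fields / #Software header lines
            var f = raw.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (f.Length < 7 || f[2] != "POST" || f[6] != "200") continue;
            if (!f[3].EndsWith("/ReviewAnswerDetails", StringComparison.OrdinalIgnoreCase)) continue;
            calls.Add(new Call
            {
                Time = DateTime.ParseExact(f[0] + " " + f[1], "yyyy-MM-dd HH:mm:ss",
                                           CultureInfo.InvariantCulture),
                User = f[4],
                ClientIp = f[5],
            });
        }
        return calls;
    }

    // A person reviewing answers clicks through questions at human speed; a script
    // enumerating Question_id values fires several calls per second. Report every
    // user whose peak call count inside one sliding window reaches the threshold.
    public static Dictionary<string, int> FindBurstCallers(string log, int threshold, TimeSpan window)
    {
        var flagged = new Dictionary<string, int>();
        foreach (var group in ParseCalls(log).GroupBy(c => c.User))
        {
            var times = group.Select(c => c.Time).OrderBy(t => t).ToList();
            int start = 0, peak = 0;
            for (int end = 0; end < times.Count; end++)
            {
                while (times[end] - times[start] > window) start++;   // slide window forward
                peak = Math.Max(peak, end - start + 1);
            }
            if (peak >= threshold) flagged[group.Key] = peak;
        }
        return flagged;
    }

    public static void Main()
    {
        foreach (var kv in FindBurstCallers(SampleLog, threshold: 5, window: TimeSpan.FromSeconds(10)))
            Console.WriteLine("{0}: {1} ReviewAnswerDetails calls within 10 s", kv.Key, kv.Value);
    }
}
```

Against the embedded sample, alice's five calls inside three seconds are reported and bob's three calls spread over four minutes are not. Because the question identifiers travel in the JSON POST body rather than the query string, the access log cannot tell you which questions were pulled; for that you need request-body logging or the application's own audit trail, and the burst pattern is the signal you can get from IIS alone.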


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include implementing proper server-side access control and validation for the ReviewAnswerDetails PageMethod.

Ensure that the server verifies whether the user is authorized to access the answer details and that the exam is completed before returning any sensitive information.

Avoid relying on client-side restrictions or hiding UI elements as a security measure.

Review every exposed ASP.NET AJAX PageMethod (the public static methods marked [WebMethod] on page classes) and restrict each one to users who are both authenticated and authorized for the specific resource it returns.
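An added example of the fix described above, written in C# for ASP.NET Web Forms; it is not SpeedExam's code, and the IExamRepository contract, the ReviewPage class and ExamRepository.Instance are assumptions standing in for the product's own data layer. It shows the PageMethod as the advisory describes it (nothing but a hidden button between the caller and the key) beside a version that verifies identity, a completed attempt and the exam's review setting on the server for every call.

```csharp
using System;
using System.Web;
using System.Web.Services;
using System.Web.Script.Services;
using System.Web.UI;

// Hypothetical data-access contract; the real product's data layer is not on the page.
public interface IExamRepository
{
    int? GetExamIdForQuestion(int questionId);            // null: no such question
    bool HasCompletedAttempt(string userName, int examId); // did THIS user finish THIS exam?
    bool ReviewEnabled(int examId);                        // exam setting: may candidates review answers?
    AnswerDetail GetAnswerDetail(int questionId);
}

public class AnswerDetail
{
    public int QuestionId { get; set; }
    public string CorrectAnswer { get; set; }
}

// The authorization decision, kept free of HttpContext so it can be unit-tested.
public static class ReviewPolicy
{
    public static bool MayReview(IExamRepository repo, string userName, int questionId)
    {
        int? examId = repo.GetExamIdForQuestion(questionId);
        if (examId == null) return false;                  // unknown question: deny, do not leak
        return repo.ReviewEnabled(examId.Value)
            && repo.HasCompletedAttempt(userName, examId.Value);
    }
}

public partial class ReviewPage : Page
{
    // Assumed: however the page obtains its repository (named here for illustration only).
    private static readonly IExamRepository Repo = ExamRepository.Instance;

    // BEFORE: the only "check" is that the Review button is hidden in the UI.
    // Any logged-in user can run PageMethods.ReviewAnswerDetails(id, cb) in the
    // browser console and receive the key for an exam they never finished.
    [WebMethod]
    [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
    public static AnswerDetail ReviewAnswerDetails_Before(int questionId)
    {
        return Repo.GetAnswerDetail(questionId);
    }

    // AFTER: identity, ownership of a completed attempt and exam state are all
    // verified on the server on every call, independent of what the UI shows.
    [WebMethod]
    [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
    public static AnswerDetail ReviewAnswerDetails(int questionId)
    {
        HttpContext ctx = HttpContext.Current;
        var identity = ctx.User == null ? null : ctx.User.Identity;
        if (identity == null || !identity.IsAuthenticated)
        {
            ctx.Response.StatusCode = 401;
            return null;
        }
        if (!ReviewPolicy.MayReview(Repo, identity.Name, questionId))
        {
            ctx.Response.StatusCode = 403;   // non-2xx: the AJAX proxy routes this to onFailure
            return null;
        }
        return Repo.GetAnswerDetail(questionId);
    }
}
```

The rule "only a user with a completed attempt on an exam whose review is enabled may see a key" lives in ReviewPolicy.MayReview, which takes no HttpContext, so it can be tested with a fake repository. The hardened method sets a 401 or 403 status instead of throwing: ASP.NET AJAX turns an exception inside a PageMethod into an HTTP 500, which hides the denial among generic errors, whereas the explicit status codes are what the access-log scan above keys on.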

