Author: Muhammad, Azri (Unknown Affiliation)
Journal: Jurnal Algoritma
Published: 1 document


Exploitation of Broken Access Control for Privilege Escalation on the LMS of Universitas XYZ
Authors: Muhammad, Azri; Hadiana, Asep Id; Ilyas, Ridwan
Jurnal Algoritma Vol 22 No 2 (2025)
Publisher: Institut Teknologi Garut

DOI: 10.33364/algoritma/v.22-2.2287

Abstract

This study aims to identify and exploit security vulnerabilities in the Learning Management System (LMS) of a university, with a primary focus on Broken Access Control (BAC) flaws resulting from misconfigurations in user access settings. Given the rising threat of data breaches, the research also analyzes the extent to which security principles are applied to protect sensitive LMS user data, an increasingly critical issue in the digital era.

The research approach began with the signing of a Non-Disclosure Agreement (NDA) to ensure the confidentiality of information, followed by an analysis of existing vulnerability assessment reports. Penetration testing was then conducted to identify potential unauthorized privilege escalation and further exploitation of vulnerabilities within the system. The analysis revealed a BAC vulnerability that allowed attackers to modify user roles without authorization. It also identified the use of the outdated MD5 hashing algorithm and the insecure storage of sensitive data on the client side without proper encryption.

Exploitation of these vulnerabilities demonstrated that an attacker could gain administrator access simply by manipulating user roles, thereby gaining access to over 117,000 user records, including personal information and health history.

This research contributes in three main aspects: first, an in-depth identification of critical vulnerabilities within the LMS, particularly concerning weak access control and inadequate data protection; second, a demonstration of how BAC exploitation can lead to the leakage of sensitive data in higher education environments; and third, the provision of mitigation recommendations based on current security best practices, such as the implementation of Role-Based Access Control (RBAC), the principle of least privilege, stricter role validation, Zero Trust Architecture, and the integration of artificial intelligence (AI) to detect threats early and provide automated responses to potential attacks. It is expected that this research can serve as a guideline for educational institutions in strengthening LMS security and protecting user data more effectively.