Reaction to reported vulnerability in Proctorio
On Tuesday 15 December 2021, RTL Nieuws reported on a vulnerability in the browser plug-in of Proctorio. The vulnerability was found by two ethical hackers from the security company Computest. Proctorio was notified by Computest on 17 June 2021, after which the vulnerability was resolved within a week. As the browser plug-in automatically updates by default, the version in use is no longer subject to this vulnerability. This has been confirmed by the ethical hackers. The recent report by RTL was the first time that Leiden University was made aware of this issue. There is currently no indication that this vulnerability was used against students of Leiden University, or any other students.
As the vulnerability has been fixed, and Proctorio and Leiden University have not received or been able to trace any reports of abuse, Leiden University does not see a reason to stop the use of Proctorio. Proctorio is only used as a last-resort tool for examinations at Leiden University, should no other form of examination be possible. For more information about the use of Proctorio at Leiden University, please see the manual.
Leiden University is continuing to monitor the situation and is in consultation with other education institutions in the Netherlands and with Proctorio regarding the matter. It is important to always install the latest updates to the software in use. It is also recommended to remove any browser extensions that are no longer needed. Software that is not used regularly, such as Proctorio, can be removed and reinstalled when needed.
Students can go to their institute if they have any questions or concerns.