Hacker News
by cody8295 2690 days ago
I was once fired from a state job (USA) for bringing a vulnerability forward in the online ethics training. You can run "setScore(100, 0, 100)" in the developer console and pass the exam without actually taking it. (The state used a third-party online exam provider, whom I contacted.) I was fired by the end of the week.
7 comments

I had to do "online traffic school" and noticed there were 2 JavaScript variables that were on a timer. If you set the variables correctly in the right order, the timer expired and it would let you go to the next page.

I spent the time figuring this out because I read exceptionally fast. When I've read a page in a few minutes and the timer forces me to sit there for an additional 13 minutes, I'm going to figure those things out. It was silly.

Edit: the vulnerability still exists on many online exam styled pages.
Of course it does, half the fucking garbage software you use in a browser is using shitty client-side validation.
Sorry you got fired from your old job. Sounds like your new job could be "pay a dollar to skip the exam."
Yep. Kill the Messenger is the default setting. It's a miracle Snowden is still alive.
In that case you fail the test for showing a lack of ethics ;)
I would say the state failed the ethics test for firing him.
We don't have the full details but presumably this was on a single test at the beginning of the class.
I suspect you were fired for trying and using the vulnerability (which you no doubt did merely to confirm your suspicion of it) rather than for bringing it forward, which merely provided the evidence for the reason for firing.

Though you probably would have done better to report the problem through the state authorities overseeing the contractor (or the general government oversight agency, like the Bureau of State Audits in California) rather than the contractor, to whom your report was a threat of revealing their poor performance.

If nothing else, a report to responsible state authorities would be less likely to meet with someone with an incentive to sweep it under the rug (especially a general oversight body) and would be more likely protected by whistleblower protections, which most states have in some form.

Did you hire an attorney, or just move on with life?
Online CBTs like that are mostly honor system and there’s a zillion ways to get around them.