Canvas glitch allows unauthorized access to email accounts
THE SANTA CLARA
January 30, 2014
Complaints about a lack of online security have emerged on campus regarding a disconcerting computer error that has been plaguing Santa Clara in recent weeks.
Students say that entering their username and password into the university login page can give them access to a different student’s Gmail account. The incorrect email accounts appear to be those of past users of the same computer.
Sophomore Trenton Nagasawa, who often uses his roommate’s computer to print class documents, often finds himself looking at the roommate’s email, despite entering his own login info. Other students have experienced this problem on shared school computers.
“I’ve noticed the problem when I’m giving an in-class presentation or when I’ve tried to download something in the library,” said senior Kevin Scurich. “It seems to only really happen on school computers.”
Although reported cases have been limited, the prospect of other students getting access to personal information is frightening.
“This could be an issue when doing group projects,” said senior Lauren Shigemasa, who has also encountered the glitch. “I receive tuition emails from the Bursar’s Office and bank statements on my Gmail account.”
If this issue persists, other students might have access to this information.
When asked about this issue, Christopher Billet, a student Information Technology service technician, explained that he has noticed this issue primarily in the common printing computer in Lucas Hall.
“I believe the problem is in the integration software between Canvas and the SCU login with Gmail,” said Billet. “Students will login to Canvas to print out documents for classes. They’ll hit logout in Canvas, but that won’t fully log them out of the server.”
This allows another person, who is using the same computer to access the previous user’s email when they login, despite entering their own information.
The Santa Clara Student Technical Services Desk has not received any formal complaints about this issue, but they understand that there is some confusion in the single login system that Santa Clara uses.
“I typically want to reproduce a problem three times before I’m going to put my professional credentials saying Camino is the problem,” said Michael Miller, manager of the student IT desk, “but we think this is it.”
IT will run more tests to observe the problem more fully before giving a definitive reason for the reported issues.
The IT department stresses the importance of logging out of all accounts when leaving a publicly-used computer.
“If someone leaves their browser window open with their login session active even though they may have closed the Gmail window, if somebody else comes and uses that same browser window and goes to Gmail, they’ll get access into the first user’s Gmail account,” said Todd Schmitzer, manager of networking and telecommunications at Santa Clara.
As online privacy has become increasingly relevant, students are encouraged to pay special attention to user input.
Contact Nicolas Sonnenburg at firstname.lastname@example.org.
Correction: January 31, 2014
The original online version of this story was edited to emphasize Gmail issues at Santa Clara University.