Spaces:
Running
Potential Security Issue: Unrestricted Name Change on Certification Certificates
Hi Agents-course team,
I recently completed one of your certification courses (thank you for providing such high-quality learning resources!). However, I noticed a potential issue related to the certificate generation system that could lead to misuse.
Currently, after completing the course:
The platform allows users to change the name that appears on the certificate at any time.
The certificate can then be downloaded in .webp format with the updated name.
This process can be repeated multiple times, allowing anyone to generate certificates under different names—without requiring identity verification or re-taking the course.
Why this is a concern:
This creates a risk of certificate forgery. For example, someone could:
Complete the course once and generate certificates for friends or others who haven’t taken it.
Use the altered certificates in resumes, job applications, or LinkedIn profiles, misleading others about their qualifications.
Suggested Improvements:
Lock the certificate name to the verified name of the user upon course completion.
Limit or log name changes with admin oversight.
Use watermarks or unique identifiers tied to the user ID and certificate hash.
Add optional identity verification for enhanced credibility.
Let me know if this is already being addressed. I just wanted to bring it to your attention to help maintain the integrity of your certification program.
Thanks for your time and for all the awesome work at Hugging Face!
Best regards,
raNd0m-uZeR