IBM Kenexa LMS on Cloud 13.1 and 13.2 – 13.2.4 discloses answers to security questions in a response to authenticated users.