Healthcare.gov has been racked with technical problems since the site's launch, but a new vulnerability may have unintentionally exposed users. Last week, researcher Ben Simo reported that the sites Password Reset function was vulnerable to social engineering, and that by manipulating the site, an attacker could deduce whether a given username was in use and what email address was associated with that username. The vulnerability was reportedly fixed on Monday, but for days after its reporting, crucial user info was exposed to anyone with rudimentary web skills.
via The Verge - All Posts http://www.theverge.com/2013/10/30/5046482/security-hole-in-healthcare-gov-exposed-user-email-addresses
No comments:
Post a Comment