11/19/2008

Federal authentication system for civil servants has some problems

A security researcher will know what it means when he sees this, and he will also know the risks. But some security researchers have only so much patience, and this is why responsible disclosure and independent audits are necessary in Belgium. There is no other way to oblige the owners of the systems to do the necessary thing. You can send mails and wait, and it can take months (like in this case) before anyone will even respond or take notice.

You have to understand this is not a website, this is a very critical webservice.

https://www.belgium.be/usermgmt/eGovSAML/eGovAuthenticati...

And if you know what is wrong (totally wrong) with what you are seeing, keep it to yourself or mail it to whoever may be interested (but remember you are NOT allowed to DO anything with it). Google hacking is as far as you can go.

What is even more annoying is that sources say that they were informed more than two months ago...

Just one tip: it ain't what you see at first sight that is interesting...

12:32