South Carolina capital website had a security flaw that exposed passwords

guest · Apr 25, 2019

South Carolina capital website had a security flaw that exposed passwords
The credentials included passwords for Columbia's databases and email protocol servers. The flaw has been fixed.
April 25, 2019
https://www.cnet.com/news/south-carolina-capital-website-has-a-security-flaw-that-exposed-passwords/

One bad search on the government website for South Carolina's capital city could've exposed an entire database.

The city of Columbia site had a security flaw in its search tool, according to independent security researcher Arif Khan. The flaw let anyone view passwords for the website's database and email protocol servers, creating a massive potential for abuse, Khan said on Thursday.
The flaw involved a misconfiguration of the site's search function. If you searched for a term that couldn't be found in the site's database, the site would inadvertently serve up an error page meant only for administrators.

Khan said he contacted city officials in September but never heard back from them. He reached out again in October, he said, and another security researcher also publicly contacted the city government in November on Twitter.
Click to expand...

Log in or Sign up

South Carolina capital website had a security flaw that exposed passwords

guest Guest

Log in or Sign up

South Carolina capital website had a security flaw that exposed passwords

guest Guest

Useful Searches