Security hole found in Obamacare website

Security hole found in Obamacare website

By Jose Pagliery CNN Money October 29, 2013  The Obamacare website has more than annoying bugs. A cybersecurity expert  found a way to hack into users’ accounts.  Until the Department of Health fixed the security hole last week, anyone  could easily reset your Healthcare.gov password without your knowledge and  potentially hijack your account.  The glitch was discovered last week by Ben Simo, a software tester in  Arizona. Simo found that gaining access to people’s accounts was  frighteningly simple.

You could have:

* guessed an existing user name, and the website would have confirmed it   exists.

* claimed you forgot your password, and the site would have reset it.

viewed the site’s unencrypted source code in any browser to find the   password reset code.

* plugged in the user name and reset code, and the website would have  displayed a person’s three security questions (your oldest niece’s first  name, name of favorite pet, date of wedding anniversary, etc.).

* answered the security questions wrong, and the website would have spit out the account owner’s email address — again, unencrypted.

[…]

http://money.cnn.com/2013/10/29/technology/obamacare-security/index.html

Advertisements

About Educational CyberPlayGround, Inc.®

Educational CyberPlayGround, Inc. strives to help Teachers, Parents, and Policy Makers Learn about: Music, Teaching, Internet, Technology, Literacy, Arts and Linguistics in the K12 classroom.
This entry was posted in NetHappenings and tagged , , , , , , , , . Bookmark the permalink.