India has emerged as a hotspot for the Coronavirus pandemic, with the country witnessing around 100,000 cases daily.
Collating data of Coronavirus patients is the government’s responsibility, and it seems that the state government of Uttar Pradesh, the biggest state in India, has failed to safeguard the COVID-19 portal. As reported by security researchers from VPNMentor, the COVID-19 surveillance platform of Uttar Pradesh has been compromised, thus exposing the personal data of millions of Indians for anyone to access.
The platform, called “Surveillance Platform Uttar Pradesh Covid-19,”, reportedly built by the regional government of Uttar Pradesh, has numerous vulnerabilities that could jeopardize the country’s plans to control the spread of the virus.
First, the git repository used to store data of millions and contain the source code for the platform was unsecured. No security protocols were put in place, and anyone with knowledge of the platform’s URL and credentials of git repository could access the data.
Source: VPNMentor
More importantly, the repository also had a data dump of the admin dashboard’s stored login credentials. The data dump included the username and password used to access the dashboard. Due to ethical reasons, the security researchers did not check manually using the exposed credentials to sign-in into the dashboard. However, through a thorough investigation, the team confirmed that the credentials were valid and could be used to access the dashboard.
Moreover, the admin passwords were four-digit numbers, and several accounts shared the same password, thus increasing the chances of illicit exposure if a hacker were to breach the portal.
Secondly, the researchers spotted a directory listing of CSV files in an exposed we ..
Support the originator by clicking the read the rest link below.
