Obama’s Website Vulnerable

Thursday, September 22, 2011 @ 05:09 PM gHale


There is secure and then there is really secure; so you would think the President of the United States’ web site would fall in that really secure category – or maybe even beyond that a bit.

Wrong.

The website of the President of the United States contains major XSS vulnerabilities that hackers could exploit, according to Vulnerability Lab, which found the flaw.


This was not the first time the official website of Barack Obama turned out to be vulnerable. The site suffered a hack a year ago, but that time the cyber criminals took it over.

As the Vulnerability Lab report details, an attacker exploiting this flaw “can form malicious requests which pass through the backend (not parsed!) & can be displayed as outgoing info@barakobama.com mail. Attackers can hijack (steal) backend sessions of the portal users/admins & can send malicious mails by the original postbox.”

This means that anyone could have received emails from the president himself. Now that’s what I would call a spam message to frame and hang on the wall.

XSS vulnerabilities, also known as cross-site scripting, allow a hacker to inject malicious scripts into dynamic web pages, which he can later rely on to gather information from the user on whose machine the script runs.

The security risk was high, and as a recommendation, using a Web Vulnerability Scanner is the best way to prevent such unfortunate events.

The solution proposed by the vulnerability experts consists of restricting the username and email fields and patching up the output sections where the related data displays.
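The two-part fix described above, restricting the input fields and encoding the data where it is displayed, can be sketched as follows. This is an added example, not code from the site or from the Vulnerability Lab report; the allowlist patterns, the function names and the mail template are assumptions chosen for illustration.

```python
import html
import re

# Allowlist patterns (assumed policy, not taken from the report).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

class InvalidField(ValueError):
    """Raised with the name of the field that failed validation."""

def restrict_fields(username, email):
    # Input side: reject anything outside the allowlist rather than stripping it.
    if not USERNAME_RE.fullmatch(username):
        raise InvalidField("username")
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        raise InvalidField("email")
    return username, email

def render_mail_body(username, email):
    # Output side: encode where stored data is displayed, so a value that
    # slipped past the input checks still renders as inert text.
    return (
        "<p>Hello {u},</p>\n"
        "<p>We registered the address {e}.</p>"
    ).format(u=html.escape(username, quote=True),
             e=html.escape(email, quote=True))

# Constructed sample inputs: one normal signup and two carrying markup.
SAMPLES = [
    ("jane_doe", "jane@example.org"),
    ("<script>alert(1)</script>", "jane@example.org"),
    ("jane_doe", 'x"><img src=x onerror=alert(1)>@example.org'),
]

def demo():
    results = []
    for username, email in SAMPLES:
        try:
            restrict_fields(username, email)
            verdict = "accepted"
        except InvalidField as exc:
            verdict = "rejected:" + str(exc)
        # Render even rejected values to show that encoding alone neutralizes them.
        results.append((verdict, render_mail_body(username, email)))
    return results

if __name__ == "__main__":
    for verdict, body in demo():
        print(verdict, "|", body.replace("\n", " "))
```

Either control on its own leaves a gap: validation misses data already stored before the check existed, and encoding only protects the output contexts it was written for.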


