SRB website under cybersecurity threat

KARACHI: The official website of the Sindh Revenue Board (SRB) has been identified as cyber-vulnerable and prone to leakage of citizens’ data.

The National Telecom and Information Technology Security Board (NTISB) has issued an advisory through a notification dated March 03, 2021.

It said that critical vulnerabilities had been identified in the website of SRB (notification can be downloaded) that may result in database access and manipulation, exfiltration of sensitive data, remote take-over of users’ sessions and website defacement.

Identified vulnerabilities are as under:

a. SQL injection in database

b. Citizens’ data leakage

c. Cross site scripting

d. Unencrypted/plain text transfer of users’ credentials

e. Cross site request forgery

f. Microsoft IIS Tilde directory enumeration

g. Internal IP addresses and server-side paths disclosure

h. Session cookies lacking secure flags

i. Server/ASP.NET version disclosure

j. Stack traces and error messages on web pages

k. Server-side technology stack documentation pages on public website.

The impact of the above-mentioned vulnerabilities and guidelines for prevention can be downloaded.
