SRB website under cybersecurity threat

KARACHI: The official website of the Sindh Revenue Board (SRB) has been identified as cyber-vulnerable and prone to leakage of citizens' data.

The National Telecom and Information Technology Security Board (NTISB) has issued an advisory through a notification dated March 03, 2021.

It said that critical vulnerabilities had been identified in the SRB website (the notification can be downloaded from https://download1.fbr.gov.pk/Docs/202131115323494Advisory8.pdf) that may result in database access and manipulation, exfiltration of sensitive data, remote takeover of users' sessions and website defacement.

The identified vulnerabilities are as follows:

a. SQL injection in database

b. Citizens' data leakage

c. Cross-site scripting

d. Unencrypted/plain-text transfer of users' credentials

e. Cross-site request forgery

f. Microsoft IIS Tilde directory enumeration

g. Internal IP addresses and server-side paths disclosure

h. Session cookies lacking secure flags

i. Server/ASP.NET version disclosure

j. Stack traces and error messages on web pages

k. Server-side technology stack documentation pages on public website.

Details of the impact of the above-mentioned vulnerabilities and guidelines for prevention can be downloaded from https://download1.fbr.gov.pk/Docs/202131115323494Advisory8.pdf