The social security system, The exposed proximal 2 0 0 vulnerabilities, a hacker can obtain sensitive information-vulnerability warning-the black bar safety net

2015-07-21T00:00:00
ID MYHACK58:62201564869
Type myhack58
Reporter 佚名
Modified 2015-07-21T00:00:00

Description

In recent years, because of the leakage of personal information causes of telecommunications fraud, crooks know of the victims unit, name, ID number, level of income. The social security system vulnerability to cause the leakage of personal information, may be one of the sources. 2 0 1 3 year to date, the domestic vulnerability of the platform on the submission of a variety of social security, Medicare vulnerability up to 2 0 0 rest of the article, there is the problem of the lack of provincial and Ministerial level official website.

Security experts say that users pay the social security, provident Fund process, a plurality of links that may appear loophole, the information for a hacker to steal. For example: 2 0 1 3 years, in the oil of a sub-center of the housing provident Fund Management Center was invaded; the 2 0 1 4 year, the Beijing municipal housing management center of the exposed vulnerabilities, without the need to login to view someone else's Fund balance; 2 0 1 5 years, the XI'an housing provident Fund system design defects, may bypass the password to query personal account information. Like these provincial Central Administration, the Manager millions to pay the owner of the personal information, which is information leakage caused by impact can not be underestimated.

In particular, it is worth noting that similar vulnerabilities exposed after, the Manager even if the loopholes to make up, but before had leaked the information also cannot be recovered, destroyed, or even whether it was ever invaded are unknown. Only scammers use this information to begin to commit fraud, the event can not hide only to be known.