PLEASE NOTE:

MyNews24 is a user-generated section of News24.com. The stories here come from users.

 
Kevin Koekemoer
 
 

Massive E-toll website security flaw

08 January 2014, 07:22

An unofficial security advisory issued by a hacker identifying themselves as “Moe1” has warned E-toll users that the PINs used to log into their E-toll website accounts can be easily obtained if their username is known.

This is due to a page on the South African National Roads Agency Limited (Sanral) website which can be exploited to expose the PIN of any registered E-toll website user.

The page is intended to be used as part of a standard two-stage account registration process, Moe1 explained, where the user would click on a link in an e-mail to confirm their account.

However, the page at the link contains a “serious security problem,” according to Moe1. It provides the user’s PIN on the confirmation screen.

Although displayed as asterisks (*), creating the impression that the PIN is obscured, the PIN is actually available in clear text in the source code of the web page. The source can be easily viewed from just about any browser.
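The flaw described above is a page that masks a secret on screen while still sending it in the markup. As an added example (not from the advisory or from Sanral's site), this Python check is the kind a site's own test suite could run against its rendered responses; it assumes the masking came from a password-type input, which the article does not specify, and the PIN and pages are constructed samples.

```python
from html.parser import HTMLParser


class SecretLeakScanner(HTMLParser):
    """Collects places where a rendered page ships a secret to the browser."""

    def __init__(self, secret):
        super().__init__(convert_charrefs=True)
        self.secret = secret
        self.findings = []  # (kind, detail) tuples

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and self.secret in value:
                self.findings.append(("secret-in-attribute", f"{tag}[{name}]"))
        a = dict(attrs)
        # type="password" only masks the value on screen; a non-empty value
        # attribute is still plain text in the page source.
        if tag == "input" and (a.get("type") or "").lower() == "password" and a.get("value"):
            self.findings.append(("prefilled-password-field", a.get("name") or ""))

    def handle_data(self, data):  # text nodes, including inline <script> bodies
        if self.secret in data:
            self.findings.append(("secret-in-text", "text-node"))

    def handle_comment(self, data):
        if self.secret in data:
            self.findings.append(("secret-in-comment", "comment"))


def find_secret_leaks(html, secret):
    """Return every finding for one rendered response body."""
    scanner = SecretLeakScanner(secret)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample PIN and pages; not taken from any real site.
TEST_PIN = "4821"
LEAKY_PAGE = """<form><label>Username</label> <span>testuser</span>
<input type="password" name="pin" value="4821" readonly></form>"""
SAFE_PAGE = """<form><p>Account confirmed for <span>testuser</span>.</p>
<p>Your PIN is not shown here. Log in with the PIN you chose.</p></form>"""

if __name__ == "__main__":
    for label, page in (("leaky", LEAKY_PAGE), ("safe", SAFE_PAGE)):
        print(label, find_secret_leaks(page, TEST_PIN))
```

The hardened page passes because the server never writes the PIN into the response at all; masking in the browser is not a control.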

In the security advisory, Moe1 provides a four-step guide to “hack an E-toll account in 5 seconds”, along with a proof of concept exploit and a video of the exploit in action:

http://www.youtube.com/watch?v=cacn2vRWzF8

According to Moe1, armed with just someone’s E-toll username, a hacker could obtain all kinds of sensitive information from the Sanral website.

This includes ID numbers, vehicle license plate numbers, postal addresses, and payment methods.

“It is great that Sanral informs you to keep your pin safe in their ‘Terms and conditions’ but it’s not very great that they give out your pin to anyone that basically requests for it,” Moe1’s advisory concluded.

Sanral was asked for comment but did not respond by the time of publication.

Disclaimer: All articles and letters published on MyNews24 have been independently written by members of News24's community. The views of users published on News24 are therefore their own and do not necessarily represent the views of News24. News24 editors also reserve the right to edit or delete any and all comments received.

 
