18.2 C
Johannesburg
Sunday, December 22, 2024

Security vulnerability reported on Gauteng school web application

Must read

The Gauteng school applications website’s security problem has been brought to the notice of MyBroadband, they were informed of a potential security flaw on the Gauteng Department of Education’s admissions portal.

The website facilitates online applications for admission of learner to public schools from grades 1-8.

The website, makes it easier for the parents and guardians to apply online for their child to be admitted into any selected public schools in Gauteng.

Once they have completed the application form, parents can then monitor their application through the portal after logging in with their user name and password.

These credentials are provided to users once they register an account and submit an application.

Gauteng School Application

A potential security issue was reported to MyBroadband by a concerned user who used the admissions portal.

To monitor their applications, users are provided with a URL directing them to a page on the website – from which they can monitor their application after logging in.

After logging in and viewing their application, however, the user reported that they could change the application number at the end of the URL to view other applicants’ details.

By changing the application number at the end of the URL in their web browser, the user could see the following details of other applicants” (School name, Learner’s full name, Parent/Guardian’s full name, Learner’s ID number, Parent/Guardian’s ID number, Distance from school in km.

This potential security issue could be due to a failure to properly secure each application against access by other registered users, making all applications accessible to any applicant logged in to the system.

MyBroadband contacted the Gauteng Department of Education, alerting them to the potential issue and asking for feedback on the matter.

The department confirmed it had received notification of the problem. Despite multiple follow-ups, however, it did not provide feedback.

- Advertisement -

More articles

Post a Comment

- Advertisement -

Latest article