Vulnerability Management

Government, Legal Systems Plagued With Critical Vulnerabilities

SC Media reports that nearly 20 government and legal systems, including voter registration solutions, are impacted by over 25 critical permission control vulnerabilities, which could have been exploited to enable account takeovers and public information compromise.

According to a study from cybersecurity researcher Jason Parker, the identified security issues included a bug in Georgia's voter registration cancellation portal that allowed registration reversals by anyone with a particular voter's public information, as well as a flaw in the public records management platform Granicus GovQA that allowed unauthorized password resets via web address manipulation.

Parker called for the implementation of stronger permission controls and regular security audits among government agencies and courts. Other cybersecurity experts also emphasized the importance of adopting not only more robust penetration testing but also proactive security measures in defending government systems.

"Pentests should be performed frequently since threat landscapes are constantly evolving and exploitable vulnerabilities are constantly discovered. However, a good security strategy should also include a vulnerability program that includes regularly executed vulnerability scans, patching, and vulnerability remediation. Supply chain issues should also be considered when assessing security and securing environments," said Horizon3.ai offensive security expert Phil Wylie.