Security flaws discovered on official UK tax site

Monday 11 September 2017 10:15 CET | News

A researcher has discovered two separate flaws on the UK tax office's website while he was using the site to check his taxes, according to the BBC.

The security researcher concluded that by exploiting either flaw, attackers could view or modify tax records or harvest key details from British citizens. After a short period of experimentation, he found that it was possible to use the HMRC site as a “forwarding service” and send a victim to any site an attacker wanted. This type of bug is known as an open redirect vulnerability and is a common weakness found on many different sites.

The second security issue was potentially more damaging as, if exploited, it could give an attacker control over a victim’s information, potentially letting them modify it. The code vulnerable to this serious bug was found in a website script used to digitally fingerprint users for fraud protection.

In response, HMRC’s online tax service said it had addressed the problems and was looking at improving ways for people to get in touch. Furthermore, HMRC is working with the National Cyber Security Centre (NCSC) to ensure that there is a single route for reporting security vulnerabilities to government.


Keywords: National Cyber Security Centre, NCSC, HMRC, online security, fraud protection, UK, Europe, security flaws
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World