Countermeasures has been taken by the Federal Communications Commission to combat the vulnerability that was recently discovered to affect their official website after it realized that a user could easily manipulate the operations of the platform by uploading a virus.
A back door was uncovered by security researchers on the comment section of the website which gave access to users to upload any files of their choice after obtaining a software key.
No Proof Of Virus
The agency claimed that though there is no proof that a virus has actually been uploaded as procedures had been put in place from the onset to prevent this from happening, it is still taking preventive measures to avoid a breach of their system’s security by disabling the ability for users to upload any kind of files at the moment.
Besides that, the agency is taking further actions by running a thorough penetration test of the website while getting in touch with their cloud service providers to ensure that the website is free of any attack. The weakness was found in the Application programming interface(API) of the website.
Though this API is not publicly accessible to users, expert exploiters were able to gain access to it.
The Experts stated that they were able to request access to software keys through the comment section which was actually sent to their emails by the system. While this came as a great surprise to the exploiters, they discovered that they could upload any manner of files including extremely large files, trojans, malwares and viruses which come in form of executable codes.