Yesterday, we mentioned the PADU database, how to register for it and how safe it is. Merely hours after its launch, someone found a major flaw in the new database. That said, what should you know about it?
According to useState (drmsr) on X, anyone can change your PADU password if they have your IC number. Thanks to multiple screenshots from the tipster, we can see how easy it is to exploit this flaw through API calls. In addition, the tipster gives a more detailed analysis through his Hashnode blog.
Guess what.
— useState('drmsr') (@drmsr_dev) January 2, 2024
I only need your IC number to override and change your PADU login password.@farhanhelmycode @rafiziramli @Dr_Uzir @lamkanahraf pic.twitter.com/m1K2mR3wP2
In addition, the tipster updated his tweet on the subject, saying the PADU dev team has changed the API to fix the flaw. This issue also caught the attention of the Ministry of Economy, with the latter issuing a response tweet and apology for the inconvenience. According to the gov body, they are working on the improvements as we speak.
Interestingly, they assumed this flaw and the feedback on this issue as a “positive criticism”. With the recent PERKESO fiasco and major data leak incidents that happened recently, it is safe to say that Malaysians are hugely concerned about their data. If anything, this incident only makes people more sceptical of the government’s online initiatives.
What are your thoughts about this news? Stay tuned for more news and updates like this at TechNave!
COMMENTS