Posts

Featured

[Responsible Disclosure] Zim e-Governance site ZimConnect vulnerabilities - It shouldn't be this easy

I've been hectically busy the past couple of weeks. Just started a Google Summer of Code style internship sponsored by SoftwareMill working on Slick. Finally found time to publicly disclose a number of vulnerabilities I discovered a few weeks back. Admittedly I was a bit lazy when writing this post, so bear with me. I've been busy of late.

Overview

This post serves as a disclosure of vulnerabilities identified by the aforementioned security researcher. The vulnerabilities identified pose a danger to the security and integrity of the ZimConnect eServices platform and could lead to the system being compromised by a remote attacker.

Scope and Limitations of Assessment

Discovery of these systems was done through inspecting HTTP requests when accessing the site and using public search engines. Due to legal limitations, the assessment was not performed beyond the scope allowed by the law to protect the researcher and as such the researcher feels the vul...

Latest posts

Hacking Econet 3G MIFI for fun and mostly more fun. Huawei E5332

[Responsible Disclosure] Multiple vulnerabilities in My-Econet app affecting millions of Econet-ZW subscribers.