External security tests revealed that the Gov.uk One Login system has critical vulnerabilities that could allow unauthorized access to privileged accounts without detection. A recent red teaming exercise by Cyberis illustrated the weaknesses in the security infrastructure; these findings coincide with previous warnings from the Cabinet Office and the National Cyber Security Centre about data protection issues within the system. With six million users relying on One Login to access government services, the implications of these vulnerabilities are significant, and urgent measures are being sought to address them, according to the government.
The existence of a serious current vulnerability will raise further concerns over the security of One Login, which is intended to be the way that citizens prove their identity and log in to most online government services.
Cyberis discovered that privileged access to One Login can be compromised without detection by security monitoring tools, highlighting the system's lack of resilience.