Contributors
Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security ) [Project Leader]

The Web Hacking Incidents Database
Last update:07 November 2007

Incident WHID 2007-28

WHID 2007-28: US Embassy probes hacking of online visa appointment system
Date: 13 June 2007
Incident Type: Security Breach
WASC Threat Classification: Insufficient Authentication

If you live in a country from which you need a Visa to get to the states, you knew this would happen. The US online Visa appointment system is very open. Indeed too open. Someone in Jamaica took advantage of this to pre-allocate appointments.

While this might be classified as a business process design flaw, isn't security also about this?

References:



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
© Copyright 2005, Web Application Security Consortium. All rights reserved.