Docket has assured us they have identified what caused the bug and have resolved this issue. Docket notified us of a bug within its system that could potentially allow users to receive the personal information of other users. The Utah Department of Health is committed to ensuring the privacy of Utah residents and expects its contractors and partners to maintain the same commitment. Tom Hudachko, a spokesperson for Utah’s Department of Health, said: (Docket is available for Minnesota residents, but the state has not yet deployed QR codes.) The Department continues to work with Docket to ensure their ongoing vigilance on this matter.Ī spokesperson for Minnesota’s Department of Health also not reply. At this time, Docket is investigating for any indication of potential records that could have been compromised. The privacy and security of Docket users remains paramount. No other functionality of the app was affected. Docket assured the Department that they identified and fixed the vulnerability within the code. The New Jersey Department of Health was notified by our vendor, Docket, of a code vulnerability related to the recent release of a QR code associated with the app. Nancy Kearney, a spokesperson for New Jersey’s Department of Health, said in a statement: Perretta said the company is “currently in the process of reviewing logs to determine if there was any malicious activity on the platform.” Perretta also said that the company was working to inform state governments about the lapse but did not say if the company planned to notify its users of the security lapse. It’s not known if anyone else discovered the bug. Worse, Docket user IDs are sequential, and so new QR codes could be enumerated simply by changing the user ID by a single digit. That meant it was possible for any app user to change their user ID and request someone else’s QR code.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |