Security13.03.2014

New E-toll website security flaw uncovered

By Staff Writer

There is a vulnerability on the E-toll website that lets any registered user access anyone’s outstanding balance, according to a report on ITWeb.

The report said that exploiting the vulnerability is trivial, and indicated that all that is needed is an E-toll account and a modern browser with built-in developer tools.

This is because the E-toll website billing page embeds the license number as a hidden field, which can easily be accessed and modified.

Instead of preventing the user from querying the balance of a vehicle not registered to their account, the E-toll site reportedly returns the outstanding amount.

It is not the first time an easy-to-exploit security flaw has been identified in the E-toll website.

Earlier this year a security researcher who went by “Moe1” reported a vulnerability that made it possible to get the PIN of many registered E-toll users so long as their usernames were known.

A hacker could then log into the victim’s account and access that person’s private details.

At the time, Sanral’s response to the disclosure of the security flaw in its website was to threaten legal action against Moe1.

Prior to these security vulnerabilities being uncovered, MyBroadband reported that Sanral’s E-toll website allowed anyone to check the outstanding balance of any vehicle that had passed under a gantry.

Initially Sanral said that this was a service provided to E-road users, despite the fact that to access this “feature” users had to jump through hoops.

The feature eventually disappeared from the E-toll website, but only after it was used to track the E-toll bill of US President Barack Obama during his visit to South Africa for the memorial service of former president Nelson Mandela.

Sanral did not immediately respond to requests for comment on this story.

E-toll security hole: don’t shoot the messenger

Website security flaws in SA – shooting the messenger

E-toll website flaw a cyber-attack: Sanral

Massive E-toll website security flaw

Show comments

Forum discussion

New E-toll website security flaw uncovered

Latest news

2,000% electricity price pain in South Africa

Good news for cheap 5G smartphones in South Africa

“We are coming for you” — City Power takes aim at corrupt staff

Partners Against Piracy – Protecting South Africa’s creative economy and consumer privacy

Details about Mr D driver fight video

Good news for South African landlords

7 million views and counting – South Africa’s top tech podcast dominates

The most expensive coal power station ever built in the history of mankind

Most affordable uncapped 50Mbps Internet for South Africans without fibre

More news

128 Mbps in the middle of nowhere

Truth about solar panel fires in South Africa

This is how Eskom’s electricity prices are going to change

Lenovo ThinkPad X9 Aura Edition – Awesome AI features and cutting-edge hardware

Gauteng adds nearly 200 CCTV security cameras

Cyber attack on South Africa’s biggest chicken producer

Boost your network connectivity with an Otto Wireless outdoor antenna – Hands-on review

How much money I saved switching to a hybrid

Big trouble at Vumatel and DFA

Trending news

Samsung co-CEO dies

Cable break costs Seacom millions

R10 million fine and 10 years in jail

HONOR Magic7 Pro Goes the Distance with AI Super Zoom

Shocking details about data breach in South Africa

Telkom launches mobile virtual network operator platform

Win big on a SKYWORTH Google TV this Easter

Eskom load-shedding warning

R30,000 gaming PC that will last for years

Industry News

Inspire Greatness: Sport and Technology Run Hand-In-Hand in the Race For Human Excellence

Top HP cybersecurity predictions for South Africa in 2025

Why TCL TVs are a gamer’s delight

Many awards, one mission: Pure Internet Joy

Poll

More Sanral security articles

Latest news

More news

Trending news

Industry News

Poll