ObamaCare is again in the spotlight. California’s exchange site has more than 500,000 users, and, as the video shows, their accounts are at risk of hijacking.
Vulnerability found by Kristian Hermansen
The vulnerability is a horizontal privilege escalation. The PIN reset function, while updating the PIN for the current user, also sends the user’s whole set of personal data, including the username, in the POST request, and the server acts on those client-supplied fields instead of on the authenticated session. An attacker can therefore tamper with the request, replacing his own username with the victim’s, and set a new PIN for the victim’s account.
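The pattern described above, modelled as an added Python example (this is not code from the post or from the affected site): a PIN-reset handler that takes the account to modify from the POST body, beside a hardened one that takes it only from the server-side session and also demands the current PIN. The user store, field names and PIN policy are assumptions made for the example.

```python
"""Constructed model of a PIN-reset horizontal privilege escalation.

The vulnerable handler trusts the 'username' field the client sends along
with the rest of the profile; the hardened handler ignores the body for
identity and uses the authenticated session. All names and values here are
assumptions for the example, not the affected site's code.
"""

import hashlib
import hmac

# Constructed user store: username -> record. PINs are kept as salted hashes.
USERS = {
    "alice": {"pin_salt": b"salt-a", "pin_hash": None, "email": "alice@example.com"},
    "mallory": {"pin_salt": b"salt-m", "pin_hash": None, "email": "mallory@example.com"},
}


def _hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def verify_pin(username: str, pin: str) -> bool:
    rec = USERS[username]
    return rec["pin_hash"] is not None and hmac.compare_digest(
        rec["pin_hash"], _hash_pin(pin, rec["pin_salt"])
    )


def vulnerable_reset_pin(session_user: str, form: dict) -> str:
    """Flawed handler: the body carries the whole profile, including
    'username', and the handler uses it to pick the account. Any logged-in
    user can reset any other user's PIN by editing that one field."""
    target = form["username"]  # client-controlled: session_user is never consulted
    rec = USERS[target]
    rec["pin_hash"] = _hash_pin(form["new_pin"], rec["pin_salt"])
    return target


def hardened_reset_pin(session_user: str, form: dict) -> str:
    """Fixed handler: the account comes only from the server-side session,
    a body 'username' that disagrees is rejected, and the caller must prove
    possession of the current PIN before choosing a new one."""
    if "username" in form and form["username"] != session_user:
        raise PermissionError("body username does not match authenticated session")
    if not verify_pin(session_user, form.get("current_pin", "")):
        raise PermissionError("current PIN incorrect")
    new_pin = form["new_pin"]
    if not (new_pin.isdigit() and 4 <= len(new_pin) <= 8):
        raise ValueError("PIN must be 4-8 digits")
    rec = USERS[session_user]
    rec["pin_hash"] = _hash_pin(new_pin, rec["pin_salt"])
    return session_user


def demo_attack() -> dict:
    """Mallory, logged in as herself, replays her own PIN-reset request with
    alice's username substituted. Reports which handler let it through."""
    for name, pin in (("alice", "1111"), ("mallory", "2222")):  # constructed PINs
        USERS[name]["pin_hash"] = _hash_pin(pin, USERS[name]["pin_salt"])

    tampered = {"username": "alice", "email": "alice@example.com",
                "current_pin": "2222", "new_pin": "9999"}
    result = {}

    vulnerable_reset_pin("mallory", dict(tampered))
    result["vulnerable_alice_pin_is_9999"] = verify_pin("alice", "9999")

    # Restore alice, then send the identical request to the fixed handler.
    USERS["alice"]["pin_hash"] = _hash_pin("1111", USERS["alice"]["pin_salt"])
    try:
        hardened_reset_pin("mallory", dict(tampered))
        result["hardened_rejected"] = False
    except PermissionError:
        result["hardened_rejected"] = True
    result["hardened_alice_pin_still_1111"] = verify_pin("alice", "1111")
    return result


if __name__ == "__main__":
    print(demo_attack())
```

The check that matters is the first one in `hardened_reset_pin`: identity is read from the session, never from the request body. Requiring the current PIN is a second, independent control that also blocks a CSRF-style reset against a logged-in victim.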
EDIT: the video was removed from YouTube.
The PoC is in the video above. For the moment, it is not known whether this affects any ObamaCare sites other than California’s.