All Article Properties:
{
"access_control": false,
"status": "publish",
"objectType": "Article",
"id": "1826547",
"signature": "Article:1826547",
"url": "https://staging.dailymaverick.co.za/article/2023-08-29-bug-in-wits-university-website-renders-prospective-students-details-easily-accessible/",
"shorturl": "https://staging.dailymaverick.co.za/article/1826547",
"slug": "bug-in-wits-university-website-renders-prospective-students-details-easily-accessible",
"contentType": {
"id": "1",
"name": "Article",
"slug": "article"
},
"views": 0,
"comments": 0,
"preview_limit": null,
"excludedFromGoogleSearchEngine": 0,
"title": "‘Bug’ in Wits University website renders prospective students’ details easily accessible",
"firstPublished": "2023-08-29 21:27:09",
"lastUpdate": "2023-08-29 21:27:09",
"categories": [
{
"id": "29",
"name": "South Africa",
"signature": "Category:29",
"slug": "south-africa",
"typeId": {
"typeId": "1",
"name": "Daily Maverick",
"slug": "",
"includeInIssue": "0",
"shortened_domain": "",
"stylesheetClass": "",
"domain": "staging.dailymaverick.co.za",
"articleUrlPrefix": "",
"access_groups": "[]",
"locale": "",
"preview_limit": null
},
"parentId": null,
"parent": [],
"image": "",
"cover": "",
"logo": "",
"paid": "0",
"objectType": "Category",
"url": "https://staging.dailymaverick.co.za/category/south-africa/",
"cssCode": "",
"template": "default",
"tagline": "",
"link_param": null,
"description": "Daily Maverick is an independent online news publication and weekly print newspaper in South Africa.\r\n\r\nIt is known for breaking some of the defining stories of South Africa in the past decade, including the Marikana Massacre, in which the South African Police Service killed 34 miners in August 2012.\r\n\r\nIt also investigated the Gupta Leaks, which won the 2019 Global Shining Light Award.\r\n\r\nThat investigation was credited with exposing the Indian-born Gupta family and former President Jacob Zuma for their role in the systemic political corruption referred to as state capture.\r\n\r\nIn 2018, co-founder and editor-in-chief Branislav ‘Branko’ Brkic was awarded the country’s prestigious Nat Nakasa Award, recognised for initiating the investigative collaboration after receiving the hard drive that included the email tranche.\r\n\r\nIn 2021, co-founder and CEO Styli Charalambous also received the award.\r\n\r\nDaily Maverick covers the latest political and news developments in South Africa with breaking news updates, analysis, opinions and more.",
"metaDescription": "",
"order": "0",
"pageId": null,
"articlesCount": null,
"allowComments": "1",
"accessType": "freecount",
"status": "1",
"children": [],
"cached": true
},
{
"id": "134172",
"name": "Maverick Citizen",
"signature": "Category:134172",
"slug": "maverick-citizen",
"typeId": {
"typeId": "1",
"name": "Daily Maverick",
"slug": "",
"includeInIssue": "0",
"shortened_domain": "",
"stylesheetClass": "",
"domain": "staging.dailymaverick.co.za",
"articleUrlPrefix": "",
"access_groups": "[]",
"locale": "",
"preview_limit": null
},
"parentId": null,
"parent": [],
"image": "",
"cover": "",
"logo": "",
"paid": "0",
"objectType": "Category",
"url": "https://staging.dailymaverick.co.za/category/maverick-citizen/",
"cssCode": "",
"template": "default",
"tagline": "",
"link_param": null,
"description": "",
"metaDescription": "",
"order": "0",
"pageId": null,
"articlesCount": null,
"allowComments": "1",
"accessType": "freecount",
"status": "1",
"children": [],
"cached": true
},
{
"id": "387188",
"name": "Maverick News",
"signature": "Category:387188",
"slug": "maverick-news",
"typeId": {
"typeId": "1",
"name": "Daily Maverick",
"slug": "",
"includeInIssue": "0",
"shortened_domain": "",
"stylesheetClass": "",
"domain": "staging.dailymaverick.co.za",
"articleUrlPrefix": "",
"access_groups": "[]",
"locale": "",
"preview_limit": null
},
"parentId": null,
"parent": [],
"image": "",
"cover": "",
"logo": "",
"paid": "0",
"objectType": "Category",
"url": "https://staging.dailymaverick.co.za/category/maverick-news/",
"cssCode": "",
"template": "default",
"tagline": "",
"link_param": null,
"description": "",
"metaDescription": "",
"order": "0",
"pageId": null,
"articlesCount": null,
"allowComments": "1",
"accessType": "freecount",
"status": "1",
"children": [],
"cached": true
}
],
"content_length": 2586,
"contents": "<span style=\"font-weight: 400;\">The IDs, emails and addresses of prospective students who applied for admission at the University of Witwatersrand in the past five years could be easily accessed since July 2023.</span>\r\n\r\n<i><span style=\"font-weight: 400;\">Daily Maverick</span></i><span style=\"font-weight: 400;\"> has learnt that a flaw in the university’s website that allowed this was found by a 22-year-old prospective student, Cameron Holm.</span>\r\n\r\n<span style=\"font-weight: 400;\">Holm, who has a Bachelor of Computer and Information Science majoring in Software Development, said he found out in July that details of prospective students were easily accessible on the university’s website.</span>\r\n\r\n<span style=\"font-weight: 400;\">At the time, Holm said he was applying for a BCom Hons in Information Systems at Wits.</span>\r\n\r\n<span style=\"font-weight: 400;\">Holm said he discovered a flaw in Wits’ system where he had access to the names, IDs, addresses and emails of every applicant to the university for the past five years.</span>\r\n\r\n<b>Read more in Daily Maverick: </b><a href=\"https://www.dailymaverick.co.za/article/2023-08-03-cyberattacks-in-sa-integrated-plan-needed-to-protect-critical-infrastructure/\"><span style=\"font-weight: 400;\">Cyberattacks – South Africa needs an integrated approach to protect critical infrastructure</span></a>\r\n\r\n<span style=\"font-weight: 400;\">He said he reported the matter to Wits’ ICT helpdesk without any success.</span>\r\n\r\n<span style=\"font-weight: 400;\">“More than a few at the ICT helpdesk assured me they would get back to me and they would take the issue higher.” </span>\r\n<h4><b>‘Ghost account’</b></h4>\r\n<span style=\"font-weight: 400;\">Holm said it seemed that the Wits system had been vulnerable since 2019.</span>\r\n\r\n<span style=\"font-weight: 400;\">“There is a weird ghost account you can accidentally access very easily by accident,” Holm said.</span>\r\n\r\n<span style=\"font-weight: 400;\">He said there were applications in limbo in that account going back to 2019.</span>\r\n\r\n<span style=\"font-weight: 400;\">“And trust me, this vulnerability is something I did for my very first class in cybersecurity,” he said.</span>\r\n\r\n<span style=\"font-weight: 400;\">Holm said whoever created it was either ignorant or did not have regard for anyone’s personal safety.</span>\r\n\r\n<span style=\"font-weight: 400;\">It’s unclear whether anyone else accessed the data. </span>\r\n<h4><b>Wits responds</b></h4>\r\n<span style=\"font-weight: 400;\">Wits spokesperson Shirona Patel confirmed on Tuesday that “an individual found a bug” in the university’s application system.</span>\r\n\r\n<span style=\"font-weight: 400;\">“We understand that the individual, who we believe has a background in cybersecurity, was able to manipulate a URL to access the system,” Patel said.</span>\r\n\r\n<span style=\"font-weight: 400;\">She said the matter was brought to the attention of the chief information officer on Monday.</span>\r\n\r\n<span style=\"font-weight: 400;\">Patel said the “bug” was immediately fixed.</span>\r\n\r\n<span style=\"font-weight: 400;\">“The university views this matter in a serious light and will deal with the matter in accordance with the provisions of the Protection of Personal Information Act.”</span>\r\n\r\n<span style=\"font-weight: 400;\">She said they were trying to determine who was contacted at the ICT helpdesk and why if there was such a report, it was not attended to immediately.</span>\r\n\r\n<span style=\"font-weight: 400;\">“If any employee is found to have erred, the university will manage the matter in line with its rules for staff discipline, policies and procedures,” she said. </span><b>DM</b>",
"teaser": "‘Bug’ in Wits University website renders prospective students’ details easily accessible",
"externalUrl": "",
"sponsor": null,
"authors": [
{
"id": "558581",
"name": "Msindisi Fengu",
"image": "",
"url": "https://staging.dailymaverick.co.za/author/msindisi-fengu/",
"editorialName": "msindisi-fengu",
"department": "",
"name_latin": ""
}
],
"description": "",
"keywords": [
{
"type": "Keyword",
"data": {
"keywordId": "46677",
"name": "Wits University",
"url": "https://staging.dailymaverick.co.za/keyword/wits-university/",
"slug": "wits-university",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Wits University",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "164984",
"name": "ICT",
"url": "https://staging.dailymaverick.co.za/keyword/ict/",
"slug": "ict",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "ICT",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "406725",
"name": "Msindisi Fengu",
"url": "https://staging.dailymaverick.co.za/keyword/msindisi-fengu/",
"slug": "msindisi-fengu",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Msindisi Fengu",
"translations": null
}
}
],
"short_summary": null,
"source": null,
"related": [],
"options": [],
"attachments": [
{
"id": "43233",
"name": "",
"description": "",
"focal": "50% 50%",
"width": 0,
"height": 0,
"url": "https://dmcdn.whitebeard.net/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg",
"transforms": [
{
"x": "200",
"y": "100",
"url": "https://dmcdn.whitebeard.net/i/3lxGL-39T0-Umn0okfCB_khLcEs=/200x100/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg"
},
{
"x": "450",
"y": "0",
"url": "https://dmcdn.whitebeard.net/i/0XknGIP3uHsmtvGa9_LcBHDyxPA=/450x0/smart/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg"
},
{
"x": "800",
"y": "0",
"url": "https://dmcdn.whitebeard.net/i/HuafCFMdFiUA75R3J_sBR2XUZRA=/800x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg"
},
{
"x": "1200",
"y": "0",
"url": "https://dmcdn.whitebeard.net/i/S-4zDB3CQ5kbAvxe7QSO0dEuFDA=/1200x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg"
},
{
"x": "1600",
"y": "0",
"url": "https://dmcdn.whitebeard.net/i/WiJFbw9frTd7uUleAJDfDiBHfxs=/1600x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg"
}
],
"url_thumbnail": "https://dmcdn.whitebeard.net/i/3lxGL-39T0-Umn0okfCB_khLcEs=/200x100/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg",
"url_medium": "https://dmcdn.whitebeard.net/i/0XknGIP3uHsmtvGa9_LcBHDyxPA=/450x0/smart/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg",
"url_large": "https://dmcdn.whitebeard.net/i/HuafCFMdFiUA75R3J_sBR2XUZRA=/800x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg",
"url_xl": "https://dmcdn.whitebeard.net/i/S-4zDB3CQ5kbAvxe7QSO0dEuFDA=/1200x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg",
"url_xxl": "https://dmcdn.whitebeard.net/i/WiJFbw9frTd7uUleAJDfDiBHfxs=/1600x0/smart/filters:strip_exif()/file/dailymaverick/wp-content/uploads/2023/08/MC-Wits-website-students-ICT.jpg",
"type": "image"
}
],
"summary": "The university says the ‘bug’ has been fixed after it was alerted on Monday and it will deal with the saga using the Protection of Personal Information Act and its internal disciplinary policy after the ICT helpdesk failed to respond to a ‘tip-off’ in July. \r\n",
"template_type": null,
"dm_custom_section_label": null,
"elements": [],
"seo": {
"search_title": "‘Bug’ in Wits University website renders prospective students’ details easily accessible",
"search_description": "<span style=\"font-weight: 400;\">The IDs, emails and addresses of prospective students who applied for admission at the University of Witwatersrand in the past five years could be easily accessed since",
"social_title": "‘Bug’ in Wits University website renders prospective students’ details easily accessible",
"social_description": "<span style=\"font-weight: 400;\">The IDs, emails and addresses of prospective students who applied for admission at the University of Witwatersrand in the past five years could be easily accessed since",
"social_image": ""
},
"cached": false,
"access_allowed": true
} 
