“o. itemList. length” “this. config. text. ariaShown”
“This. config. text. ariaFermé”
Lawyers applying for a lawyer’s license in Washington, D. C. , say a violation of the bar’s security in their application records, adding government-issued identity and background checks.
Applicants stated that the District of Columbia Bar Association, which oversees the admissions and licenses of attorneys in the U. S. capital, stored programs in an unprotected directory on its website.
The security error was first revealed in an August 26 email received through TechCrunch through an anonymous whistleblower who stated that he had “reported this challenge 3 times” at the DC Bar, but that his email had not been returned and that the challenge had not been resolved. The email indicated that the documents contained non-public data such as names, telephone numbers and email addresses, as well as the applicant’s social security number, work history, old home addresses and disciplinary history.
The complainant said he had begun informing news organizations “in an intelligent religious effort to inform affected users and that the challenge is resolved. “TechCrunch received the email from a pseudonymous Twitter account that goes through the Bar Exam Tracker ID.
The email stated that the lack of security meant that applicants could still access their application files downloaded from the DC Bar website, even after being disconnected, but because the application files followed a pattern. consistent naming, they can access other applicants’ application files. by gradually converting the Internet address.
“Documents are available to the public simply by opening their addresses in an Internet browser and not through any authentication system,” the whistleblower’s email wrote.
News of the lack of security spread temporarily among some of the bar’s candidates: two candidates, who agreed to be named but asked not to be named for fear of reprisals, told TechCrunch that they had to access their application files after disconnecting.
“We have taken safe steps to determine this,” one candidate said, referring to the allegations contained in the complainant’s email. “Both a colleague and I had to access our documents without being connected to the formula through a new browser. “
“Several of us tried, myself, and found it worked,” the candidate said.
The plaintiffs also informed DC Bar of the challenge. Shortly the next, a notice on the application site stated that the DC Bar “investigates certain technical issues” and asks applicants not to upload any files.
The security error was resolved, however, the applicants claim that the D. C. Bar didn’t reveal the security incident.
The DC Bar did not respond to multiple requests via email and a voice message requesting a comment prior to publication. After our publication, the DC Bar showed the security breach in one and stated that “the files of an unmarried applicant” had been mis consulted.
A spokesman for the U. S. Attorney General’s OfficeBut it’s not the first time He didn’t say whether the Washington DC bar had notified him of the security flaw.
Updated with a DC bar.
Stop saying, “We take your privacy and security seriously”