Government takes DigiD offline because of a serious security vulnerability – update

The government has taken the authentication platform DigiD offline after a security vulnerability in Ruby on Rails was discovered. It is said to be a ‘serious leak’. The platform is likely to be back online on Thursday.

On its website, DigiD currently shows only the notice that the site is ‘not currently available’. Spokesman Michiel Groeneveld of Logius, the government's ICT organization, confirms that this is the result of a vulnerability, as Nu.nl discovered earlier.

It concerns a serious vulnerability, which is why the decision was made to take the system offline. “We wanted to be on the safe side,” says Groeneveld. “With the downtime, we want to prevent abuse, and be able to roll out and test the patch.” As far as Logius is concerned, the patch is being rolled out as carefully as possible. “We don’t want the patch to cause another vulnerability,” says Groeneveld.

The vulnerability became known on Tuesday night; on Wednesday Logius was informed and the decision was made to take the system offline. That means that DigiD was vulnerable overnight. “Some time goes by. You also can't just pull a DigiD code out of thin air.” It concerns two leaks for which Ruby on Rails released a patch on Tuesday. According to the National Cyber Security Centre, those vulnerabilities make it possible to bypass authentication, perform SQL injections, execute code remotely, and perform a denial-of-service attack.

Last week the developers of Ruby on Rails also released a security patch in response to a security issue. Digid.nl states that the service will probably not be usable again until Thursday morning.

Update, 15:27: Response from Logius added.