Municipality of Eindhoven loses DigiD link

It is no longer possible to log in with DigiD on the websites of the municipality of Eindhoven. The central government decided to remove the DigiD link after several of the municipality's sites were found to have serious security vulnerabilities.

The vulnerabilities were discovered by Computerworld and reported to, among others, the government, after which the government IT service provider Logius decided to disconnect the municipality of Eindhoven from DigiD.

The biggest vulnerability was in a portal where residents can arrange their municipal taxes. The website's JBoss admin console could be reached from a web browser without any authentication being required. Users would have been able to change settings, for example to manipulate the encryption of connections.

Other municipal sites were reportedly vulnerable to SQL injection and XSS, and in several places citizens' personal information was sent over an insecure connection. The municipality has now taken the sites offline. Logius will restore the DigiD link with Eindhoven only when all security issues are resolved.

Eindhoven is the umpteenth municipality to be disconnected from DigiD this month: earlier this month, fifty sites, mainly of smaller municipalities, proved to be poorly secured, as a result of which they lost their link with DigiD.

