LinkDev developers could access your govmu.org account
A few weeks ago while I attended a Telecom Workshop, I publicly reported several glitches that appear on the mobile version of the Mauritian Government Web Portal. I was told that I should report it through the Government call-centre. On 22 May 2015 I sent an email to the Central Informatics Bureau (CIB), as the person who did the Government Portal presentation during the workshop was an official of the CIB.
I did not receive any reply after a month.
How can LinkDev developers access your govmu.org account?
LINK Development is an Egyptian company that was hired to develop the Government Web Portal. The LinkDev developers must have tested the various functionalities with their own email addresses.
Let's see where a glitch was left and most probably has gone unnoticed for years. If you have forgotten your govmu.org account password, you could use the forgot password feature on the website to recover it. Right? Okay, try it. It should work fine. You must have received an email from portaladmin as follows:
Do you have a smartphone? Great! Fire up the browser on your smartphone and hit www.govmu.org. You notice it redirects you to m.govmu.org and shows port number 444. That's ugly but it's not a matter of our concern right now. Click on the sign in link and then password forgotten.
It prompts you for your username and then shoots a hint question. Once done, it sends a password reset link to your email.
Okay. Rush & check your email ^^
In my mailbox I see the email was sent not only to me but also to two developers at LINK Development.
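A check like the following would catch leftover test recipients on a password reset email, whether run by the account holder on a saved copy of the message or by the portal team as a regression test. It is an added example, not code from the portal or from LINK Development; the sample message and every address in it are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample of a reset message; all addresses are placeholders.
SAMPLE_RESET_EMAIL = """\
From: portaladmin <portaladmin@portal.example>
To: user@mail.example, dev.one@vendor.example
Cc: Dev Two <dev.two@vendor.example>
Subject: Password reset
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Use the link below to reset your password.
"""


def visible_recipients(raw_message):
    """Return every address in the To and Cc headers, lower-cased and sorted."""
    msg = message_from_string(raw_message)
    headers = []
    for name in ("To", "Cc"):
        headers.extend(msg.get_all(name, []))
    return sorted({addr.strip().lower() for _, addr in getaddresses(headers) if addr})


def unexpected_recipients(raw_message, account_email):
    """Return the recipients that are not the account's registered address.

    A password reset message should go to exactly one mailbox, so any
    address returned here can also see the reset link.
    """
    owner = account_email.strip().lower()
    return [addr for addr in visible_recipients(raw_message) if addr != owner]


if __name__ == "__main__":
    extra = unexpected_recipients(SAMPLE_RESET_EMAIL, "user@mail.example")
    if extra:
        print("Reset link exposed to:", ", ".join(extra))
    else:
        print("Reset email went to the account address only.")
```

Bcc recipients do not appear in the headers of a received message, so a server-side test should apply the same comparison to the SMTP envelope recipients as well.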
I should flag this as a security incident but I am not sure if someone at the other end is reading my emails. I know they read my blog. Things often get fixed silently when I write here. Maybe it's just a more effective approach than sending emails.
On 11 January 2014 Le Mauricien newspaper published an article mentioning the mobile version of the Government Web Portal and a corresponding mobile app.