e-Government Portal, SharePoint exposed

July 7, 2014

Back in 2012 the Mauritian e-Government Portal was launched. Media along with many IT professionals criticized the website, which had a whopping price tag: Rs 50M. We were told the cost was high because aging servers needed to be replaced & there were also license costs for various proprietary software. One of them was Microsoft SharePoint, an enterprise solution that combines a Document Management System (DMS) and a Content Management System (CMS) and supports intranet features. The product is indeed a robust one & its configuration is surely meticulous work.

Who developed the e-Government Portal?

Wait! Before we go any further, was the solution based on SharePoint developed 100% locally? Nope, media outlets reported that it was developed in collaboration with an Egyptian company. The same was indeed published on the said company’s website: LINK Development celebrates the launch of Mauritius e-Governement portal!

I would like to help readers distinguish between two kinds of specialists when it comes to Web Projects. First we have the Web Designers/Developers who design, develop & implement the websites. Then we have System Admins/Engineers who design the hosting infrastructure & ensure the smooth running of the websites once implemented. The last part, that is, maintenance & smooth running, is thus assured by our local folks, who are mainly Government officials.

In many of my previous articles, I highlighted malpractices at every level within the ICT Ministry. I have strong reasons to doubt the capacity based on observations of the current projects & those that left a bad precedent.

To complement the same, I recently noticed another security blunder on the e-Government portal. Before that, let me ask you a simple question. If you have to log in to Yahoo Mail, what do you type in your browser? Usually, that would be yahoo.com/mail, just to be redirected quickly. Thus, the use of a slash “/” followed by something is a common practice. Right? Now, on the e-Government Portal, I was looking for eforms, so I cut short the longer address to www.gov.mu/English/eforms. Oh! Oh! Can a Microsoft expert explain to me why I am welcomed by the back-end of Microsoft SharePoint? … and we’re talking about the Government Web Portal here.

Mauritius e-Government Portal

It will surely be blocked after this publication.

I was recently invited to talk about security issues regarding the MNIS Project & that’s where I demoed the same.

A comprehensive analysis of the Rs 50M website project was published by Island Crisis. It’s worth reading, with some very good observations.

Update #1 (7 July 2014, 21h45): The SharePoint back-end is no longer accessible. Thank you, Government Online Centre, for fixing this. Now, if you would be kind enough, could you please fix gov.mu's DNS issue as well? It's kind of annoying.