Search
Back

Audit reveals abysmal security in state eLicensing system

State auditors harshly criticized a website used by licensed professionals across the state to apply for and maintain for credentials, saying accounts were easily hacked because of weak password requirements.

The Auditors of Public Accounts faulted the eLicensing system, which controls more than 600 different professional licenses, permits and registrations, for multiple security failures including one not disclosed in the audit because of its “sensitive nature.”

The Department of Administrative Services manages the eLicensing system.

The audit revealed that in a sample of 161 different users, there were only 17 different passwords and 103 of them used the same password. The auditors were able to “hack” into 155 of the 161 different users just by using a Google search.

According to the auditor’s report, the poor password controls could enable users to guess the passwords of other users and “it is likely that some would be successful” potentially allowing access to personal information.

Several issues were cited in regard to login and password information: there were no length or complexity requirements for passwords, the passwords never expire and people could use their login name as their password.

It also showed that none of the five state agencies that use the system had any written policies or procedures for “related to creating, modifying, or deleting user accounts.” This was cited as another potential security issue that could allow access to personal information. Ten active accounts were found for users who had been terminated from related employment for several years. There were also 190 active accounts that had never been used, according to the report.

The eLicense system, managed by DAS, handles licenses across a number of state agencies such as the Department of Health, Department of Consumer Protection and the Department of Agriculture.

The state of Connecticut has experienced unforeseen issues related to other online systems. The Department of Motor Vehicles’ rollout of a new online registration system in 2015 created long wait lines, false vehicle registration expirations and missing vehicle registrations from town property tax lists. The DMV is now also expanding its role in voter registration due to a federal mandate.

Groups as diverse as the Obama administration to Libertarian think-tanks such as the Institute for Justice have urged state lawmakers to pull back on professional licensing requirements, claiming they act as barriers to employment access. The White House, in a press release, stated “Research shows that licensing can not only reduce total employment in licensed professions, but also that unlicensed workers earn roughly 7 percent lower wages than licensed workers with similar levels of education, training, and experience.”

DAS agreed with the findings of the auditor’s and said they would try to update security issues related to the licensing.

ACLU study says Connecticut police union contracts violate state law

The American Civil Liberties Union of Connecticut issued a report saying municipal and state police union contracts in Connecticut violate state statute, limit disciplinary action against officers, prevent complete records from being released to the public and limit misconduct investigations. The study comes as the Connecticut legislature considers a special ...

Read More

Department of Revenue Services paid millions in interest for late tax refunds

The Connecticut Department of Revenue Services paid more than $12 million in interest for tax refunds totaling nearly $5 million because they withheld those refunds for upwards of seven years, according to a new audit. The audit listed tax refunds from years 2014 through 2018 and found that late returns ...

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

SIGN UP TO RECEIVE OUR NEWSLETTER