Researchers say not to use myGovID until login flaw is fixed – iTnews

Two security researchers are warning Australians not to use myGovID as they say the login system contains an implementation flaw that could lead to attackers gaining full access to their accounts.
Masters student Ben Frengley and adjunct professor Vanessa Teague created a threat scenario in which an attacker sets up sites that they control and asks users to log into them with myGovID.
In the scenario, the attacker captures the email address of the user and then immediately uses it to try to lo…

Click here to view the original article.