Ottawa’s “secret” agent registration site could be breached, according to a security researcher.
In a blog post Monday, researcher Simon Fraser identified a vulnerability that allows anyone to access information stored on the registration agent website.
The flaw, he said, could allow attackers to register and sign users without their knowledge.
“We have to keep the site secure, we have to make sure it’s not accessible to anyone other than the site administrator and the admins of the server,” Fraser said.
He added that it could be possible to make the registration site vulnerable to a hacker by changing passwords or by changing the passwords themselves.
The site is hosted by a company called UPI, which was founded by David Vesely, a Canadian-American who also runs the security company Secured Systems.
UPI’s website contains a login page that can be used by anyone who is logged into the site.
The page can be accessed by using an API that allows a person to register for a new account.
In order to sign up, a person has to enter a password.
That password is also used to access the site’s registration form.
A person’s name and email address are also stored on UPI.
The API allows someone to use the website to sign in to a user’s account, but only after they have entered a password and verified their identity.
A hacker could theoretically register a new user’s password with the same username and password.
“A malicious attacker could use this to register a user without their consent,” Fraser wrote.
The researcher added that the website’s login form was vulnerable to “a simple SQL injection attack.”
In other words, a malicious hacker could get into the registration form and use the code to sign a user in without their permission.
Fraser said he first noticed the issue while working on a study about how to prevent malware from getting into the UPI registration system.
He also discovered that the registration information contained a unique user ID.
“The ID is a very good way of identifying a user,” Fraser told CBC News.
The UPI website is not encrypted and can be easily accessed.
The website has no password protection and does not require a password when using it.
According to Fraser, the information in the UPP registration forms is stored in plain text, meaning anyone could use it to access registration information.
This means that someone could easily create a password-less login page and get a new username and a new password for the account.
The registration forms also contain a list of other user IDs, which could be used to log in to the registration page.
The form has no link to the UMP system.
The attacker could also change the password on the website, Fraser said, adding that there is no way for the registration system administrator to prevent this.
The company, UPI said it is aware of the issue and has fixed the issue.
“UPI has already issued an update to the website that contains a fix,” a company spokesperson told CBC.
The vulnerability is “likely to be exploited” by hackers, the spokesperson said, but it is not yet clear if they have fixed the vulnerability.
Fraser told the CBC that the company has made the changes that allow the user’s login information to be accessed in the form of an API.
“This has been done to prevent exploitation,” the spokesperson added.
The CBC’s Ryan Smith, who has been following UPI for some time, said it could also be used as a way to track who’s accessing the site and what they’re doing.
“If you want to track where a person is coming from or where they’re going, you could just go and ask them for their password, which is what this is doing,” Smith said.
The government has not yet said how it plans to address the issue, but a spokesperson told the Radio-Canada news program Monday that the government “is taking this very seriously.”
The spokesperson said that in addition to fixing the registration issues, the company was working with the government to improve security and privacy measures on its website.
“In the coming days, we’ll be making some changes to improve the website,” the spokesman said.