ALERT: Open Treasury Portal Unsafe For Users As Finance Ministry Fails To Obtain A Secured SSL Certificate

The official website of the Open Treasury portal under the Office of the Accountant General of the Federation has become a risk to users after suffering an embarrassing security outage.

On Monday 22 July, 2024, West Africa Weekly gathered that the site was vulnerable to attacks, posing a risk to unsuspecting visitors.

A visit to the Open Treasury portal indicated an error message, stating, “Attackers might be trying to steal your information from opentreasury.gov.ng (for example, passwords, messages, or credit cards),” indicating a potential threat to user data.

Upon this discovery, West Africa Weekly reached out to the technical department within the Ministry of Finance, whose response indicated unawareness of the website’s state of security.

“I will confirm and revert, please.”

West Africa Weekly gathered that the cause was the website’s Secure Socket Layer (SSL) certificate which, despite being valid, has a missing chain/intermediate certificate.

This indicates that the Ministry has an unsecured SSL certificate to verify the connection between visitors and the website server, thereby exposing visitors to vulnerability attacks from hackers wanting to take advantage of personal information provided to the website.

This is because every website uses SSL certificates to verify its identity and reveal information about its encryption to enable a secure connection between a visitor and the website server.

Not having a secured SSL certificate violates sections 7.2 and 7.3.3 of the mandated guidelines stipulated by the National Information Technology Development Agency (NITDA) for government websites.

Read: Uganda Police Arrest Peaceful Protesters

Liberian Women Demand Safe Abortion Rights, Abolition Of FGM

Ethiopia Landslide: Death Toll Climbs To 157, Toll Expected To Rise

About The Author

Mayowa Durosinmi

author

See author's posts