Twenty thousand euros. This is the tidy sum promised by the inter-ministerial digital department (Dinum) to anyone who detects critical security flaws in French Connect and AgentConnect.
The first is an authentication system that allows French citizens to connect to numerous public online services. (impot.gouv.fr, Ameli…). The second is the identification and authentication system of agents who work within the public function of the State.
The event, organized by the website Yeswehack.com, It is organized as part of a “bug bounty”, an operation that allows software publishers to fix bugs in their programs by rewarding users who report bugs.
Sign in with a fake identity
In this context, Dinum intends to rely on these “volunteers” to detect vulnerabilities related to data exfiltration, identity theft or even the redirection of users to malicious websites.
To carry out this mission, participants will be equipped with tools provided by the agency, as well as instructions to test the possible vulnerabilities of the two government platforms. But in order to get the reward, you will also need to be able to connect to FranceConnect using a fake identity.
This is not the first time the government has asked “ethical hackers” to test the resilience of their online platforms. On May 15, the Ministry of the Interior asked them to check the security of the MaProcuration.gouv.fr site, which allows pre-fill out an electoral proxy application.
Source: BFM TV
