Kansas Health and Environment Department faces serious password related security problems

Incident Date: 2003
Incident Location: Topeka KS USA

Kansas state legislative auditors discovered serious password-related computer security problems at Kansas Health and Environment Department. The auditors used password-cracking software and discovered more than 1,000 of the departmentís account passwords within three minutes, including passwords associated with administrator accounts. This finding represented 60% of the total number of accounts in the department. The total percentage of cracked password rose to 90% of all accounts after 11 hours.

Agency practices reportedly included using a simple pattern for password creation that would allow current or former employers to log onto any computer. Auditors found that they could walk into empty offices during one lunch hour and access computers that were logged on and unlocked. Other security problems included failures to delete former-employee user accounts, improper firewall configuration, and inadequate virus prevention.

The Kansas Health and Environment Department leads efforts for dealing with hazardous wastes, epidemics, immunizations and, most recently, the Kansas bioterrorism program. It is also the official caretaker of Kansas birth certificates.


Story Sources

Title: Kansas auditors crack 1,000 passwords
Author: Wilson P. Dizard III
Date: 11/7/2003
Publication: Government Computer News
Publication Location: USA
Publication URL: http://www.gcn.com/vol1_no1/daily-updates/24132-1.html

Title: KDHE computers at 'high risk'
Author: Scott Rothschild
Date: 10/23/2003
Publication: Journal-World
Publication Location: Lawrence KS USA
Publication URL: http://www.ljworld.com/section/stateregional/story/149509


Do you have additional information to contribute regarding this story? If so, please email siteupdates@passwordresearch.com with the details and source.

<-- Back to Authentication Story Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com