The U.S Internal Revenue Service or the IRS, which is the throne to the nation’s tax has been discovered to have weak network security features, that leave the agency open to cyber attacks and also puts at risk the information of millions of tax payers. As per a report released by the Government Accountability Office (GAO), the IRS has still hasn’t taken adequate remedial actions against the previously identified 69% of the security flaws, thus leaving the database as well as numerous IRS systems vulnerable. Such security flaws could easily lead to unauthorized disclosure, modification, or destruction of financial and taxpayer information.

In its report, the GAO has found that, the IRS had failed to implement strict identification and authentication procedures for its networks. In one case, two of the IRS servers located at a specific location were found to be in non-compliance to the agency’s password age policy. Both these servers were found to have an administrator password age set to 118 days, as against the 58 days policy. This could lead to an increased chance of the passwords being used by unauthorized users and thus could lead to some serious troubles for the agency.

Furthermore, it has also been observed that, numerous IRS employees have been constantly using weak password for their systems and in some cases, these passwords were stored in clear text formats in computer program scripts, thereby creating new venues for network breaches by unauthorized users and unwarranted cyber elements.

Via Network World