- Benin report flags top five critical cybersecurity flaws, 2021–2024
- Broken access control most common, 41 cases out of 207
- Urges stronger digital hygiene, two-factor authentication, better configs
A new report from the Benin Agency for Information Systems and Digital Technology (ASIN) has identified remote code execution, SQL injection, broken authentication, broken access control, and sensitive data disclosure as the country’s five most critical cybersecurity vulnerabilities. The findings were published in a "Vulnerabilities and Incidents Report" presented at the recent Cyber Africa Forum.
The report highlights these issues as major entry points for threats like data theft and hacking. The Benin Computer Security Incident Response Team (bjCSIRT) recorded 207 critical vulnerabilities between 2021 and 2024, representing 23% of all vulnerabilities identified during that period. The data was compiled to propose concrete solutions for strengthening the protection of state computer systems.
The document notes that the "identified vulnerabilities reveal the extent of the exposure surface of the affected sectors and highlight the urgency of strengthening digital hygiene at all levels, from individual practices to organizational mechanisms."
Key Vulnerabilities by Case Count
Broken Access Control was the most common critical vulnerability identified, with 41 cases, accounting for 19.8% of the total. This flaw allows unauthorized users to access sensitive data and functions, often due to poor web application configurations.
Sensitive Data Disclosure accounted for 26 cases. This vulnerability is typically related to configuration errors or unprotected files that expose confidential data such as passwords, emails, and internal documents, putting users at risk of blackmail, fraud, or identity theft.
Broken Authentication, with 24 cases, refers to weaknesses in login systems, such as the use of weak passwords, that make it easy for hackers to bypass access controls or steal a user's identity. To counter this flaw, the bjCSIRT recommends using two-factor authentication.
Remote Code Execution, which allows a hacker to take remote control of a server, was identified in 23 cases.
SQL Injection, a hacking technique that manipulates user inputs to inject malicious code into database queries, allows unauthorized access to, modification of, or deletion of database information. This flaw can enable hackers to steal large amounts of data.