|
|
|
|
|
|
by ne0n
2745 days ago
|
|
|
> Equifax, however, did not fully patch its systems. Equifax’s Automated Consumer Interview System (ACIS), a custom-built internet-facing consumer dispute portal developed in the 1970s, was running a version of Apache Struts containing the vulnerability. Equifax did not patch the Apache Struts software located within ACIS, leaving its systems and data exposed. 1970s? Am I reading that right? HTML wasn't even developed yet. |
|
|
It was probably developed very quickly, possibly outsourced, and just stuck in front of the older system with minimal re-engineering.
Many years ago, I worked on a system that put an X Windows front end in front of a mainframe app that used a 3270 emulator to interact with parts of the legacy app. I imagine this is somewhat similar.