"When we were alerted, we took it down immediately," she said. Technicians will work through the holiday weekend to fix the problems. The site is expected to be back in operation by the middle of next week, she said.
A message on the Web site Friday said, "The eOffer system is down for maintenance. Please pardon the inconvenience, thank you."
The security problem was discovered Dec. 22 by Aaron Greenspan, president and CEO of Dallas-based Think Computer Inc., a one-man Web software development company that also does IT and security consulting. In an interview Friday, Greenspan said he found the security glitch accidentally when he tried to resubmit his application to become a government vendor. His initial application was rejected based on an incorrect price that he entered. His second application had an extra space in one line, but the Web site wouldn't allow him to remove the space. He deleted the second application, corrected it, then uploaded it again to the GSA server as required.
On a hunch, he checked to see if he could still access the first aborted application and was surprised to find that it was still visible through the Web site. Further investigation found that he was able to access other applications from other vendors by modifying the unique ID number on his second application, he said.
Using a different ID number, Greenspan was able to see bid data, pricing, personal contact information, confidential financial data and more about other vendors. The information could also be downloaded and potentially changed before being uploaded back to the Web site, he said.