Free Law Project has Notified the Administrative Office of the Courts about a Major Security Vulnerability in the PACER/ECF System
Recently, as part of our routine business practices, we discovered what we believe is a major vulnerability in the PACER system of websites that we believe affects both the electronic case filing and public access portals.
At this time, as part of a responsible disclosure process, we have notified the appropriate parties at The Administrative Office of the Courts, the agency that runs PACER. According to industry norms, we have given them a broad 90 day window to resolve the vulnerability.
After the 90 days are up or the issue is resolved, we plan to publish the details of what we discovered, the ramifications of the discovery, and the solution that they have put in place, if any.
Further questions about the vulnerability can be directed to our contact form where you can find our GPG key, if needed.