U.S. Dept Of Defense: Information disclosure vulnerability on a DoD website

ID H1:195636
Type hackerone
Reporter sp1d3rs
Modified 2017-06-16T19:55:04


A Department of Defense website was misconfigured in a manner that could have exposed sensitive information. Thank you @sp1d3rs for notifying us of this!

I discovered a publicy accessible internal admin/superadmin interface. The problem was fixed by restricting the access to this interface.