U.S. Dept Of Defense: Information disclosure vulnerability on a DoD website

2017-01-04T01:54:03
ID H1:195636
Type hackerone
Reporter sp1d3rs
Modified 2017-06-16T19:55:04

Description

A Department of Defense website was misconfigured in a manner that could have exposed sensitive information. Thank you @sp1d3rs for notifying us of this!

I discovered a publicy accessible internal admin/superadmin interface. The problem was fixed by restricting the access to this interface.