U.S. Dept Of Defense: Information disclosure vulnerability on a DoD website

2017-01-10T01:03:40
ID H1:197055
Type hackerone
Reporter sp1d3rs
Modified 2017-06-16T19:53:36

Description

A Department of Defense website was misconfigured in a manner that could have exposed sensitive information. Thank you @sp1d3rs for notifying us of this! I discovered a publicy accessible internal statistics module in the Army system. The module was outdated and unused, however, it disclosed some sensitive information (for example, collected IP addresses of the site visitors for the big range of time). The problem was fixed by removing this module.