U.S. Dept Of Defense: Improper Authentication (Login without Registration with any user) at ████
The ████ system was vulnerable to an improper authentication issue. Attackers could log in as any user without registration by exploiting the signin parameter in the ██████████ endpoint. This allowed them to authenticate and change the session of a victim to any other user...