U.S. Dept Of Defense: Create account without auth via response manipulation

A vulnerability was discovered that allowed creating an account without authentication by manipulating the response. This vulnerability could have been used to create and join an event without the required event code or email verification...