U.S. Dept Of Defense: █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files
Summary: To download a file, ████ directs users to /██████████/Download.aspx and sets a cookie authenticating the download. The cookie looks like this:

pickup=Subject=&PackageID=MTU4NDgzMTU=███

If an attacker can generate this cookie, this allows downloading a file. As it turns out, the generatio...