Malaysian based Security researchers Mohammed Adel and Masood Mohammad have discovered vulnerabilities in the U.S. Air Force Portal which can be exploited by attackers to gain unauthorized access. The vulnerability had been notified to the U.S. Department of Defense (DoD) through HackerOne – the official platform created by the DoD for security researchers to report vulnerabilities in U.S. Defence websites.
In a chat conversation with Red Piranha, security researcher Mohammed Adel termed the vulnerability in the government website as Improper Access Control. According to the findings, the attackers can gain access to sensitive data by bypassing certain authentication processes and finally log into the portal as a military personal. It has also been verified by the researchers that the extent of unauthorized access to the portal depends upon the rank specified while registering and bypassing.
The vulnerability was patched by the DoD soon after they were notified and there has been no reports of the vulnerability being exploited. Mr. Adel did label the issue critical and also said that it would have cost the DoD a huge damage if the discovered vulnerability was published to other hackers. Due to the sensitivity of the data involved here the security researcher was reluctant to go into the specifics of the techniques used to breach the .mil portal
Further commenting on the lapses Mr. Adel said,
"Military online systems must be designed to have much more complicated requirements (information) to access, to make it difficult for hackers to either steal information or gain access!”
This is not the first time vulnerabilities have been pointed out in the DoD website. Infact the DoD websites has been hacked several times. Earlier this year the DoD had organized a bug bounty program as an initiative to identify in DoD’s internal system.
Stay ahead of cyber threats, talk to our security experts today!