Bypass file access control vulnerability on a DoD website
Low
U
U.S. Dept Of Defense
Submitted None
Team Summary
Official summary from U.S. Dept Of Defense
A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @generaleg!
Actions:
Reported by
generaleg
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Authentication - Generic