Sensitive Information Leaking Through DoD Owned Website. [██████████]
Critical
U.S. Dept Of Defense
Reported by: rootuser
Vulnerability Details
Technical details and impact analysis
**Summary**
While performing recon work on websites owned by DoD, I came across the ██████████ website, which is leaking sensitive information.
**Description**
The above website is leaking information such as first name and last name, email address, phone number, house address and organization name of attendees in a clear, readable PDF document. This is a high severity issue and requires an immediate fix. It is also a clear privacy violation, with an insufficient protection mechanism involved in data storage. I look forward to a satisfactory reply from your side.
**Step-by-step Reproduction Instructions**
1. Open a web browser of your choice.
2. Now open this URL: https://██████/12038/MyDoD/ngb-sfpd-roster.pdf
**Suggested Mitigation/Remediation Actions**
Remove the document from the internet or put applicable authorization mechanism(s) in place in order to access sensitive documents.
## Impact
1. Any person can access this document and cause information leakage, or target a specific person for crime.
2. Anyone can threaten ██████ employees to reveal secrets which aren't meant to be public by nature.
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Insufficiently Protected Credentials
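A pre-publication check for the kind of document this report describes, as an added example that is not part of the original report: it scans text already extracted from a document (for instance by a PDF-to-text tool) and flags roster-like content, meaning several lines that each combine two or more of email address, phone number and street address. The patterns, the `min_rows` threshold and both sample texts are assumptions constructed for illustration.

```python
import re

# Patterns for the PII kinds the report lists. Illustrative assumptions
# (US-style phone numbers, common street suffixes), not exhaustive.
EMAIL = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
PHONE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
STREET = re.compile(
    r"\b\d{1,6}\s+(?:[A-Z][a-z]+\s+){1,3}"
    r"(?:Street|St|Avenue|Ave|Road|Rd|Boulevard|Blvd|Drive|Dr|Lane|Ln)\b"
)
DETECTORS = (("email", EMAIL), ("phone", PHONE), ("address", STREET))

def pii_rows(text):
    """Return (line_no, kinds) for each line carrying two or more PII kinds."""
    rows = []
    for no, line in enumerate(text.splitlines(), 1):
        kinds = sorted(name for name, rx in DETECTORS if rx.search(line))
        if len(kinds) >= 2:
            rows.append((no, kinds))
    return rows

def looks_like_roster(text, min_rows=3):
    """A roster repeats the same PII combination per person, so several
    multi-kind rows is the signal; a lone contact address is not."""
    return len(pii_rows(text)) >= min_rows

# Constructed sample inputs (reserved example.com domain, 555-01xx numbers).
SAMPLE_ROSTER = """\
Attendee Roster (constructed sample)
Jane Doe  Example Org  jane.doe@example.com  (555) 010-0101  12 Main Street
John Roe  Example Org  john.roe@example.com  555-010-0102  400 Oak Ave
Ann Poe   Example Org  ann.poe@example.com   555.010.0103  7 Elm Rd
"""
SAMPLE_AGENDA = """\
Conference agenda (constructed sample)
Contact: events@example.com
09:00 Opening remarks, Room 1200
10:30 Break
"""

if __name__ == "__main__":
    for name, text in (("roster", SAMPLE_ROSTER), ("agenda", SAMPLE_AGENDA)):
        verdict = "BLOCK" if looks_like_roster(text) else "ok"
        print(f"{name}: {verdict} {pii_rows(text)}")
```

A check like this belongs in the step that copies files into the public web root, so a flagged document is held for review or moved behind authorization before it is ever served.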