(DoD photo by Master Sgt. Ken Hammond, U.S. Air Force.)

Bug Hunter Wins ‘Researcher of the Month’ Award for DOD Account Takeover Bug

The US Department of Defense has fixed a severe vulnerability impacting its internal network that would have allowed threat actors to hijack DOD accounts just by modifying a few parameters in web requests sent to DOD servers.

The vulnerability was discovered by Jeff Steinburg, a security researcher at US security firm Silent Breach, and privately reported and patched via the DOD’s Vulnerability Disclosure Program (VDP).

The issue received a severity rating of “Critical (9 ~ 10)” because the bug required minimal technical skills to exploit and could be used to hijack any DOD account of the attacker’s choosing.

Read more at ZDNet
