The US Department of Defense has fixed a severe vulnerability impacting its internal network that would have allowed threat actors to hijack DOD accounts just by modifying a few parameters in web requests sent to DOD servers.
The vulnerability was discovered by Jeff Steinburg, a security researcher at US security firm Silent Breach, and privately reported and patched via the DOD’s Vulnerability Disclosure Program (VDP).
The issue received a severity rating of “Critical (9 ~ 10)” because the bug required minimal technical skill to exploit and could be used to hijack any DOD account of the attacker’s choosing.