Expert Hacks Internal DoD Network via Army Website
Eduard Kovacs reports:
A security researcher who took part in the Hack the Army bug bounty program managed to gain access to an internal Department of Defense (DoD) network from a public-facing Army recruitment website. […]
Roughly 118 of the reports have been classified as unique and actionable, and participants have been awarded a total of approximately $100,000. The final amount may be larger as bounties are still being paid out.
The most noteworthy submission came from a researcher who managed to chain multiple vulnerabilities in order to get from the goarmy.com Army careers website to an internal DoD network that can normally be accessed only by authorized users.
Read more on Security Week.