The US Department of Defense (DoD) has revealed details of four vulnerabilities identified in its infrastructure. Two of these vulnerabilities have been rated as "high severity", while the other two have been rated as "critical". The vulnerabilities, which were first revealed in July and August, could allow an attacker to take over a subdomain, execute arbitrary code remotely, or view files on the affected machine. All issues were reported by ethical hackers through the Department's vulnerability disclosure program on the HackerOne bug bounty platform.
One of the critical vulnerabilities is a subdomain takeover caused by an unclaimed Amazon S3 bucket. The ethical hacker chron0x found that the issue could be used to host malicious content on a legitimate domain. Visitors to the site would then be targeted with phishing and cross-site scripting attacks. The flaw would also allow an attacker to bypass the domain's security and steal sensitive user data.
The second vulnerability rated as critical was reported by Hzllaga on August 19th. It concerns remote code execution on a DoD server that was running Apache Solr and had not received a patch since August 2019. The server was vulnerable to the flaws identified as CVE-2019-0192 and CVE-2019-0193, but the second alone was enough for the attacker to obtain a shell on the server. However, exploit code is available for both.
Another vulnerability stemming from unpatched software, discovered by IT security analyst Dan (a veteran of the US Navy and the Coast Guard), is a read-only path traversal that could allow an attacker to access sensitive and confidential system files. The vulnerability is in a Cisco product.
The second of the less serious vulnerabilities is a code injection on a DoD server, which could lead to arbitrary code execution, according to the report by e3xpl0it, a penetration tester at the cybersecurity company "Positive Technologies".
In all cases, the US Department of Defense immediately rectified the problems. According to statistics from the HackerOne platform, the Department took about eight hours, on average, to correct and address each of the vulnerabilities. Since the US Department of Defense launched the HackerOne vulnerability detection program in November 2016, it has dealt with 9555 security issues. It is noteworthy that the Department has dealt with more than 1/3 of these in the last three months.