Hacker found a flaw in the UK Defence Gateway that exposes army data

The security researcher from Government Lab Mohammed Adel has found a vulnerability in the UK Defence Gateway that exposes army data.

The security researcher from Government Lab Mohammed Adel has found a vulnerability in the UK Defence Gateway, an application only for the staff use, that could be exploited by attackers to gain access to the system as a staff member .

Mohammed Adel told me that he exploited the vulnerability in a kind of Filtering Bypass attack, He was able to get into the UK Defence Gateway without using the @MOD.uk email, a condition implemented to allow the authentication only the internal staff.

The hacker was able to view the material used by the UK Defence to train its personnel, he accessed the private lessons that the Defence Gateway delivers to its staff.

Adel was also able to access other information, including news and the internal announcements.

This Defence Gateway is a platform used by all of the army units, it is also used to allow the Defence UK staff can communicate privately .

Below image the researcher shared to proof the existence of the bug.

The Government Lab rated the bug 6.2 over 10.

I reached the hacker for a comment:

“The severity of this Vulnerability is allowed me to see the sensitive information, including training army data that could allow attackers to study the tactic British Defence. A hacker can exploit the vulnerability to to access the information and sell it to threat actors.”

“I can’t tell how I have found the vulnerability, it’s a classified issue, but the vulnerability is kind of Filtering Bypass attack and redirect files”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – UK Defence Gateway, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.