The security researcher from Government Lab Mohammed Adel has found a vulnerability in the UK Defence Gateway, an application only for the staff use, that could be exploited by attackers to gain access to the system as a staff member .
Mohammed Adel told me that he exploited the vulnerability in a kind of Filtering Bypass attack, He was able to get into the UK Defence Gateway without using the @MOD.uk email, a condition implemented to allow the authentication only the internal staff.
The hacker was able to view the material used by the UK Defence to train its personnel, he accessed the private lessons that the Defence Gateway delivers to its staff.
Adel was also able to access other information, including news and the internal announcements.
This Defence Gateway is a platform used by all of the army units, it is also used to allow the Defence UK staff can communicate privately .
Below image the researcher shared to proof the existence of the bug.
The Government Lab rated the bug 6.2 over 10.
I reached the hacker for a comment:
“The severity of this Vulnerability is allowed me to see the sensitive information, including training army data that could allow attackers to study the tactic British Defence. A hacker can exploit the vulnerability to to access the information and sell it to threat actors.”
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.