The U.S. Department of Defense has publicly disclosed several critical- and high-severity vulnerabilities found in its infrastructure. Depending on the flaw, a threat actor could have hijacked a subdomain, executed code remotely, or viewed and captured data and files on a vulnerable machine or database.
One of the critical-severity findings was a subdomain takeover caused by an unclaimed Amazon S3 bucket.
According to the ethical hackers who discovered the flaw, a subdomain still pointed to an Amazon S3 bucket in the US East region that no longer existed. Because S3 bucket names are global and any AWS account can create a bucket whose name is not currently in use, the researchers simply created the missing bucket during testing and thereby took over the subdomain.
A hijacked subdomain is a critical issue because the attacker can host arbitrary pages with arbitrary content under it, and visitors see those pages as part of the legitimate domain. From that position a threat actor can serve malicious scripts, carry out cross-site scripting (XSS) attacks, bypass protections that trust the parent domain (such as cookie scoping and origin-based policies), run phishing campaigns, and steal private information such as user data, session cookies, and other cached or temporary data.
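The check a practitioner would run against their own DNS records is shown below as an added example; it is not code from the original article or from the researchers who reported the DoD finding. It classifies a hostname whose CNAME hands it to Amazon S3 by looking at the bucket name implied by the record and the response S3 returns for it: a 404 carrying S3's `NoSuchBucket` error code means the bucket is gone and anyone could register it. The hostnames, bucket names and response body are constructed; the `probe` helper that touches the network is an assumed convenience wrapper, not an S3 API.

```python
"""Offline check for a dangling DNS record that points at Amazon S3.

Added example for this article; it is not code from the original post or
from the researchers who reported the DoD finding. Every hostname, bucket
name and HTTP response below is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional
import urllib.error
import urllib.request

# CNAME targets that hand a hostname to S3. The bucket name is the leading
# label of the target (virtual-hosted style) or, for a bare website endpoint
# such as s3-website-us-east-1.amazonaws.com, the hostname itself, because
# S3 website hosting requires the bucket to be named after the host.
S3_TARGET = re.compile(
    r"^(?:(?P<bucket>[a-z0-9.-]+)\.)?"
    r"s3(?:-website)?(?:[.-](?P<region>[a-z]{2}(?:-[a-z]+)+-\d))?"
    r"\.amazonaws\.com\.?$",
    re.IGNORECASE,
)

# S3 answers requests for a bucket that does not exist with HTTP 404 and this
# error code in the body, on both the REST and the website endpoints.
NO_SUCH_BUCKET = re.compile(r"<Code>NoSuchBucket</Code>|Code:\s*NoSuchBucket")


@dataclass
class Verdict:
    takeover_possible: bool
    bucket: Optional[str]
    reason: str


def classify(hostname: str, cname_target: str, status: int, body: str) -> Verdict:
    """Decide whether hostname -> cname_target is a takeover candidate.

    status/body are the response S3 gave for a request sent to hostname.
    """
    m = S3_TARGET.match(cname_target.strip())
    if not m:
        return Verdict(False, None, "CNAME does not point at Amazon S3")
    bucket = (m.group("bucket") or hostname).lower().rstrip(".")
    if status == 404 and NO_SUCH_BUCKET.search(body):
        return Verdict(True, bucket,
                       f"S3 reports bucket '{bucket}' does not exist; "
                       "any AWS account could create it and serve content")
    if status in (200, 403):
        return Verdict(False, bucket,
                       f"bucket '{bucket}' exists (HTTP {status}); safe unless "
                       "it is deleted while the DNS record remains")
    return Verdict(False, bucket, f"inconclusive: HTTP {status} without NoSuchBucket marker")


def probe(hostname: str, cname_target: str, timeout: float = 10.0) -> Verdict:
    """Live variant (assumed helper): fetches http://hostname/ and classifies it.

    Touches the network, so it is not exercised here; obtain cname_target from
    a DNS lookup (for example `dig +short CNAME <hostname>`) beforehand.
    """
    try:
        with urllib.request.urlopen(f"http://{hostname}/", timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 403/404 arrive as exceptions
        status, body = err.code, err.read().decode("utf-8", "replace")
    return classify(hostname, cname_target, status, body)


# Constructed response body, modelled on the XML error document S3 returns.
NOSUCH_BODY = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    "<Error><Code>NoSuchBucket</Code>"
    "<Message>The specified bucket does not exist</Message>"
    "<BucketName>legacy-assets</BucketName></Error>"
)


if __name__ == "__main__":
    # Constructed inputs: a dangling virtual-hosted bucket and a dangling website endpoint.
    for host, target in [("legacy.example.org", "legacy-assets.s3.amazonaws.com"),
                         ("www.example.org", "s3-website-us-east-1.amazonaws.com")]:
        print(host, classify(host, target, 404, NOSUCH_BODY))
```

The remediation is the same in every case: delete the DNS record, or recreate the bucket under your own account before anyone else does. A 403 `AccessDenied` is the reassuring answer here, since it proves the bucket still belongs to someone.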
The second critical vulnerability was a remote code execution flaw on a Department of Defense server running Apache Solr that had been left unpatched since August 2019. The ethical hacker found the server vulnerable to CVE-2019-0192 (Java deserialization through Solr's remote JMX/RMI interface) and CVE-2019-0193 (script execution through the DataImportHandler's dataConfig parameter), exploited the flaw, and remotely executed arbitrary code.
The high-severity issues were an unpatched Cisco product vulnerable to CVE-2020-3452, a read-only path traversal in the web services interface of Cisco ASA and FTD software that lets an unauthenticated remote attacker read sensitive files from the device's web services file system, and a code injection flaw on a Department of Defense host that could lead to remote code execution.
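Both the Solr and the Cisco findings above leave recognisable traces, so the detection logic for them is shown below as an added example that is not code from the original article, from Apache Solr or from Cisco. It runs two rules over web access-log lines: a request to a Solr `/dataimport` handler that carries an inline `dataConfig` parameter (the channel behind CVE-2019-0193, which Solr 8.2.0 disabled by default) and a request under the ASA/FTD `/+CSCOT+/` path with a `..` segment in a parameter value (CVE-2020-3452). CVE-2019-0192 does not show up in HTTP logs, so it is covered by a separate check of the `ENABLE_REMOTE_JMX_OPTS` setting in `solr.in.sh`. The log lines, addresses and core name are constructed.

```python
"""Detection rules for the HTTP-visible indicators of CVE-2019-0193 (Solr
DataImportHandler) and CVE-2020-3452 (Cisco ASA/FTD path traversal), run
over constructed access-log lines, plus a configuration check for the remote
JMX setting behind CVE-2019-0192, which does not show up in web logs.

Added example for this article; not code from the original post, from Apache
Solr or from Cisco. The log lines, hostnames and addresses are constructed.
"""
import re
from typing import List, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Common Log Format; only the fields the rules need are captured.
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# solr.in.sh line that turns on the remote JMX/RMI port. Solr 5.0.0-5.5.5 and
# 6.0.0-6.6.5 with this enabled are exposed to CVE-2019-0192; the fix is to
# upgrade to 7.0 or later and to leave remote JMX off.
JMX_ENABLED = re.compile(r'^\s*ENABLE_REMOTE_JMX_OPTS\s*=\s*"?true"?\s*$', re.I | re.M)


def decode_twice(s: str) -> str:
    """Undo single and double percent-encoding (%2b -> +, %252e -> .)."""
    return unquote(unquote(s))


def has_dotdot_segment(value: str) -> bool:
    """True when '..' appears as a whole path segment of a parameter value."""
    return any(seg == ".." for seg in value.replace("\\", "/").split("/"))


def check_request(target: str) -> List[str]:
    """Apply both rules to a request target (path plus query) and name the hits."""
    hits = []
    parts = urlsplit(target)
    path = decode_twice(parts.path)
    params = parse_qs(parts.query, keep_blank_values=True)        # decodes values once
    values = [unquote(v) for vs in params.values() for v in vs]  # and once more

    # CVE-2019-0193: before Solr 8.2.0 the DataImportHandler accepted the whole
    # import configuration inline in the dataConfig parameter, so a request
    # that carries it is worth flagging before even looking at its content.
    if path.rstrip("/").endswith("/dataimport") and "dataConfig" in params:
        hits.append("CVE-2019-0193: inline dataConfig sent to Solr DataImportHandler")

    # CVE-2020-3452: the traversal lives in parameters of the ASA/FTD web
    # services handlers under /+CSCOT+/ (translation-table, oem-customization).
    if path.startswith("/+CSCOT+/") and any(has_dotdot_segment(v) for v in values):
        hits.append("CVE-2020-3452: '..' segment in a /+CSCOT+/ request parameter")
    return hits


def scan_log(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, source address, finding) for every matching line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_LINE.match(line)
        if not m:
            continue
        for hit in check_request(m.group("target")):
            findings.append((n, m.group("src"), hit))
    return findings


def remote_jmx_enabled(solr_in_sh: str) -> bool:
    """True if the given solr.in.sh contents enable the remote JMX port."""
    return JMX_ENABLED.search(solr_in_sh) is not None


# Constructed log lines: lines 2 and 3 carry the indicators, 1 and 4 are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Aug/2020:10:02:11 +0000] "GET /solr/admin/cores?action=STATUS HTTP/1.1" 200 812
203.0.113.5 - - [12/Aug/2020:10:02:19 +0000] "GET /solr/mycore/dataimport?command=full-import&dataConfig=%3CdataConfig%3E%3Cscript%3E HTTP/1.1" 200 77
198.51.100.9 - - [12/Aug/2020:10:05:40 +0000] "GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1" 200 4410
198.51.100.9 - - [12/Aug/2020:10:05:41 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 7310
"""

if __name__ == "__main__":
    for n, src, hit in scan_log(SAMPLE_LOG):
        print(f"line {n} from {src}: {hit}")
```

Decoding parameter values a second time matters in practice: published probes for the Cisco issue encode the `+` characters as `%2b`, and traversal payloads are routinely double-encoded to slip past a single decoding step. Neither rule replaces patching; they only tell you whether someone has already been looking.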
The Department of Defense quickly addressed all the issues and applied the needed patches.
What could have happened if black hat hackers had found these weaknesses first? The data could have been sold on the dark web for a hefty sum, most likely to the country's adversaries, who are willing to obtain as much top-secret data as possible to gain an advantage over the U.S. military. Fortunately, white hat hackers and penetration testers were there to find these issues first. Had the data been leaked before the white hat hackers discovered the flaws, iZOOlogic's Data Loss Recovery could have helped trace the related activity on the dark web. It is fortunate for the U.S. Department of Defense that, in this case, the bad guys did not find them first.