Vulnerability Found: [REMOVED] Engineering
The information I release for this vulnerability will be limited since the issue has not been patched. I contacted [REMOVED] Engineering a little over a month ago and was told that they will be resolving the issue. As of today (November 1st, 2014) the site appears to still be vulnerable.
This vulnerability leaks information about employees of the company, including employee IDs, work schedules, and more. The disturbing part about this one is that the company is a military contract company that fabricates some pretty important things.
- Vulnerability Type: Unsecured Access
- Implications: Open access to employee information at a company that contracts with the federal government is a security issue for both this company, and the government.
- Company Response: “Thank you. We will be working to secure our site.”
- Date Reported: 30/09/2014
Note: Due to the sensitive nature of the work performed by this company, I will not be posting the company name, updates, or detailed information.