A student at the Technology and Applied Sciences Faculty, Amjad Qabha said in a report which he sent to the “vulnerability coordination” and/or a “bug bounty program” of the “HackerOne” website that he found a Cross-Site Request Forgery (CSRF) type loophole in the website of the U.S. Department of Defense (DoD), according to the written statement made by the al-Quds Open University.
Noting that hackers are able to send a password confirmation form thanks to the loophole, Qabha said that once the form is confirmed by a Pentagon employee, the password is activated, and hackers can access the Pentagon staff’s account.
The problem was solved after his correspondence with Pentagon regarding the loophole, and Qabha’s name has been added to the list of those who contributed to protecting the website from hackers.
The DoD in 2016 initiated a “Hack the Pentagon” program in order to tighten their websites’ security. Within the program, contractual hackers were supposed to find loopholes of the Pentagon websites. HackerOne was elected as the consultant of the “Hack the Pentagon” program.