The applicant security exam contained an Insecure Direct Object Reference (IDOR) vulnerability on the custom Apex controller on the https://█████.mil portal. The vulnerability allowed an attacker to switch the ownership of any Attachment record and access the files, which contained sensitive information such as personal medical records submitted as part of the vetting…Read More
