Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
Endpoints are secured
This report highlights a critical security vulnerability identified in the NASA website, specifically the unauthenticated access to the InterScan VirusWall administration interface. During a routine security assessment, it was discovered that sensitive administrative endpoints, including /admin.cgi and /interscan/, are accessible without any authentication.
This exposure could allow unauthorized individuals to manage security settings, potentially leading to severe implications such as unauthorized access to sensitive data, service disruptions, or full compromise of the web infrastructure.
As a proactive measure, this report aims to inform the NASA security team of the vulnerability to ensure swift remediation and enhance the overall security posture of the organization.
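A defender-side check for the exposure described above, added here as an illustration and not part of the original report or of NASA's tooling: it scans web access logs for successful requests to /admin.cgi or /interscan/ that carry no authenticated user. It assumes Combined Log Format and HTTP authentication, so the authuser field is "-" for anonymous requests; the log lines and function names are constructed for the example.

```python
import re

# Admin paths named in the report; anonymous 2xx responses here indicate exposure.
ADMIN_PATHS = ("/admin.cgi", "/interscan")

# Combined Log Format: host ident authuser [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation-range addresses, hypothetical user name).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /admin.cgi HTTP/1.1" 200 5120 "-" "curl/8.0"
192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /interscan/ HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /admin.cgi HTTP/1.1" 401 381 "-" "Mozilla/5.0"
198.51.100.7 - opsadmin [01/Jan/2025:10:01:09 +0000] "GET /admin.cgi?page=status HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.4 - - [01/Jan/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def is_admin_path(path):
    """True if the request path (query string ignored) is an admin endpoint."""
    bare = path.split("?", 1)[0].lower().rstrip("/")
    return any(bare == p or bare.startswith(p + "/") for p in ADMIN_PATHS)


def find_anonymous_admin_hits(lines):
    """Return (host, path, status) for 2xx admin requests with no auth user."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        anonymous = m["user"] == "-"
        succeeded = m["status"].startswith("2")
        if is_admin_path(m["path"]) and succeeded and anonymous:
            hits.append((m["host"], m["path"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for host, path, status in find_anonymous_admin_hits(SAMPLE_LOG.splitlines()):
        print(f"ALERT anonymous admin access: {host} {path} -> {status}")
```

Interfaces that use form or session login do not populate the authuser field, so for those the check has to key on the session cookie or on the application's own audit log instead.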