WHID 2006-2: GSA takes down eOffer after finding security flaw
Documents uploaded to the GSA site were accessed using a predictable sequential identifier without requiring special permissions. The documents were available both for viewing and modifying. The site was in service for more than 18 months until the vulnerability was discovered.
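The flaw class described above, shown as an added example that is not code from eOffer or from the referenced reports: a lookup keyed only on a sequential identifier, next to a form that checks ownership on both read and write and issues unguessable identifiers. The `DocumentStore` class, its method names and the vendor names are hypothetical.

```python
import secrets


class DocumentStore:
    """In-memory stand-in for an upload store (hypothetical, for illustration)."""

    def __init__(self):
        self._docs = {}       # doc_id -> {"owner": str, "body": str}
        self._next_id = 1000  # constructed starting value

    def _save(self, doc_id, owner, body):
        self._docs[doc_id] = {"owner": owner, "body": body}
        return doc_id

    # Flawed pattern: identifiers are sequential, so each one reveals its neighbours.
    def upload_sequential(self, owner, body):
        doc_id = str(self._next_id)
        self._next_id += 1
        return self._save(doc_id, owner, body)

    # Flawed pattern: knowing the identifier is the only requirement to view.
    def read_unchecked(self, doc_id):
        return self._docs[doc_id]["body"]

    # Hardened: 128 bits of randomness, so identifiers cannot be enumerated.
    def upload_random(self, owner, body):
        return self._save(secrets.token_urlsafe(16), owner, body)

    # Hardened: every access is authorized against the document's owner.
    # "Missing" and "not yours" give the same error, so responses do not
    # reveal which identifiers exist.
    def _authorize(self, user, doc_id):
        doc = self._docs.get(doc_id)
        if doc is None or doc["owner"] != user:
            raise PermissionError("document not found or access denied")
        return doc

    def read(self, user, doc_id):
        return self._authorize(user, doc_id)["body"]

    def write(self, user, doc_id, body):
        self._authorize(user, doc_id)["body"] = body
```

Random identifiers only reduce guessability; the ownership check in `_authorize` is what enforces access, and it applies to modification as well as viewing.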
Additional information:
- GSA takes down eOffer after finding security flaw [Federal Computing, Jan 13 2006]
- Think Reveals Flaws in U.S. Government Security [Think Computers, Jan 13 2006]
Attack Method:
Incident Outcome: