U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1657033 [Source]