RFA is a private, nonprofit corporation that broadcasts news and information to listeners in Asian countries where full, accurate, and timely news reports are unavailable.
Radio Free Asia’s mission is to provide accurate and timely news and information to Asian countries whose governments prohibit access to a free press.
This penetration test against several selected parts of the RFA.org web estate lasted five days in total and led to the discovery of thirteen security vulnerabilities and five general weaknesses. One of the findings was classified as critical because the underlying vulnerability allows an attacker to execute arbitrary code on the web server. The test was carried out by two senior testers of the Cure53 team.
The vulnerabilities and weaknesses have since been addressed by RFA.
The full audit and summary of findings can be found below.