An audit by the Department of Defense found that official sites contained information such as operational plans and soldiers' personal details.
"As a result, potentially sensitive matters and information were not adequately protected," said the report.
It was published at the beginning of the month, but only came to light after the Federation of American Scientists drew attention to it.
The report urged the US Army to set up annual security reviews of its sites and train its staff to make sure they were aware of the potential dangers.
Security review
After the attacks of 11 September, sensitive documents and reports were pulled from official US websites due to fears the information could be useful to terrorists.
The armed forces undertook similar action, reviewing the content of their websites to remove any unsuitable security information.
But the report by the Office of the Inspector General suggests that many documents slipped through the net.
For the audit, officials reviewed records and documents dated from November 1998 through December 2001.
They checked to see whether the websites contained details such as the names and locations of Army families, officers' travel details, weapon schematics or information about a unit's weaknesses or vulnerabilities.
Sensitive data
The audit revealed that much of this information remained publicly available.
"Organisations that we reviewed had websites that identified birth dates, family information, personal e-mail addresses, new equipment fielded and exercise data," said the report.
"The Army must prevent the disclosure of sensitive movements of military assets or personnel, locations of units, installations, or personnel," it went on to say.
The US Army has responded by taking on board the recommendations of the report.
In February, it set up a body called a Web Risk Assessment Cell to routinely carry out reviews of its sites to make sure they do not publish sensitive information.
~RS~a~RS~International~RS~q~RS~~RS~z~RS~08~RS~)