Israeli researcher Nir Goldshlager uncovered a major security hole in Facebook’s internally used “Secure File Transfer” service hosted by Accellion. Writing on his blog last week, Goldshlager shared his findings regarding a password recovery flaw, in addition to some 20+ different bugs.
Using public knowledge of the Accellion platform, Goldshlager accessed a hidden account creation page for the Facebook deployment and created a new account linked to his email. After analyzing source code, file locations and Accellion’s password reset feature, he discovered that hijacking an account was as easy as some simple cutting and pasting, an HTTP POST request, and providing the user’s login email address.
Accellion markets itself as an “alternative to consumer-focused file transfer and sharing services for security conscious organization facing regulatory scrutiny,” and the company and its customers are likely now taking a much closer look at security measures.
We protect your files from login to storage, giving you the peace of mind that your sensitive data is secure and readily accessible. Give your business an enterprise-grade file sharing solution that will pay for itself by allowing advanced control over what’s being shared and with whom.
Happy (& Safe) Sharing!