cR0w@cR0w@infosec.exchange
LMAO.
https://support.checkpoint.com/results/sk/sk183761
The agent used a shared SFTP key embedded in the software to upload diagnostic logs. The key was granted permission to read and list files on the server, rather than restricted to upload-only access. As a result, anyone possessing the key could access log files uploaded by other customers.#patchTuesday