The vendor fixed the issue remarkable quickly, but
Additionally, the Last modified field in directory listings disclosed the timestamp of location information too.
Addresses like firstname.surname@xxxxxxxxxx disclosed confidential information about the people working in specific organizations too.
Juha-Matti
artful38@xxxxxxxxx wrote:
Looks like they closed the hole. Even using the hard-coded password, you can no longer get directory listings of email addresses (nor can you do so without credentials)
