One Boolean parameter broke authentication on 30,000 ShareFile servers
by Artem Safonov
A single false parameter passed to .NET's Response.Redirect() kept the admin panel rendering after a redirect. watchTowr chained it to RCE on 30,000 internet-facing ShareFile servers. Patched March 10, disclosed April 2.
Read more →