Global Distinction: Harris Floridis, the Cypriot security researcher who identified and published a weakness of high importance at Check Point!!!
In an EXCLUSIVE today, SecNews highlights the discovery of a critical weakness at Check Point, one of the world's leading security companies, by a Cypriot researcher!
The weakness on the Check Point website
Exploiting the weakness found by Mr. Harris Floridis, as it turned out, allowed an outside malicious attacker, with no knowledge of the company's internal infrastructure, to intercept or alter critical information. According to distinguished researchers contacted by SecNews, use of the weakness could have incalculable consequences, exposing the company to its customers both in matters of confidentiality and legally, but mainly dealing a blow to the company's reputation.
The vulnerability was due to an incorrect parameter of the subpage where the company's partners around the world are listed, specifically here (http://partners.us.checkpoint.com/partnerlocator/).
Partial exploitation of the weakness enabled the attacker to gain access to the Check Point database, with the possibility of extending that access further. Evidence of the existence and use of the weakness is in the possession of the researcher and the company. The company confirms this access, as shown in the relevant announcement, which however does not publish the exact details so as not to damage its reputation.
In addition, SecNews has data that confirms the existence and use of the vulnerability, but does not disclose it, since it mentions Check Point customer data on which the tests were performed.
A few words about the researcher
The plan to resolve the weakness
Fully following the ethics of "Responsible Disclosure of Vulnerabilities", Mr. Floridis announced specific suggestions for its immediate resolution and proposals for further investigation of possible incidents.
In the communication we sought with Mr. Harris Floridis, he told us that the extremely critical weakness was identified manually, without the use of automated tools. It is also known that highly respected and knowledgeable penetration testers choose to use manual methods, relying solely on their own background knowledge. Automated tools, after all, often make the detection and exploitation of weaknesses impossible (due to the limited checks they perform).