Global Award: Haris Floridis – The Cypriot security researcher who identified & publicized a highly significant vulnerability at Check Point!!!
SecNews today EXCLUSIVELY highlights the identification of a critical weakness in Check Point, one of the leading security companies in the world, by a Cypriot researcher!
The weakness on the Check Point website
As it turned out, exploiting the weakness found by Mr. Haris Floridis allowed an external malicious attacker, with zero knowledge of the company's internal infrastructure, to intercept or alter critical information. According to distinguished researchers contacted by SecNews, use of the weakness could have incalculable consequences, exposing the company to its customers both in matters of confidentiality and legally, and above all dealing a blow to the company's reputation.
The vulnerability was due to an incorrect parameter on the subpage that lists the company's partners around the world, specifically here (http://partners.us.checkpoint.com/partnerlocator/).
Partial exploitation of the weakness enabled an attacker to gain access to the Check Point database, with the possibility of extending that access further. Evidence of the existence and use of the weakness is in the possession of the researcher and the company. The company confirms this access, as shown in the relevant announcement, which however does not publish the exact details so as not to damage its reputation.
In addition, SecNews has data that confirms the existence and use of the vulnerability, but does not disclose it, since it contains Check Point customer data on which the tests were performed.
A few words about the researcher
The plan to solve the weakness.
Fully adhering to the ethics of "Responsible Disclosure of Vulnerabilities", Mr. Floridis announced specific suggestions for the immediate resolution of the weakness and proposals for further investigation of possible incidents.
When we contacted Mr. Haris Floridis, he told us that the extremely critical weakness was identified manually, without the use of automated tools. It is well known that penetration testers of high standing and expertise choose to use manual methods based solely on their knowledge. After all, automated tools often fail to detect and exploit vulnerabilities (due to the limited checks they perform).