Zendesk vulnerability discovered.
Security researchers at Varonis have discovered a vulnerability in the customer support product Zendesk that could have allowed attackers to access customer accounts.
The researchers found a SQL injection vulnerability and a logical access flaw that affected the product’s reporting and analytics tool Zendesk Explore, which is disabled by default. Zendesk Explore is not enabled by default but is heavily advertised as a requirement for the analytic insights page.”Zendesk quickly issues patch. Registration is enabled by default because many Zendesk customers rely on end-users submitting support tickets directly via the web.
Source read time: 1 min - thecyberwire.com
Also offered in: Nederlands