Information Security Researchers Parveen Yadav and Mayank Bhatodra have identified a critical security flaw in Adobe website that exposes the sensitive internal data of Adobe Systems Inc.
Adobe uses an application called P4web which provides convenient access to versioned files through popular web browsers. Files can be viewed as icons or thumbnails and all standard operations can be performed in the browser.
Unfortunately, the Adobe fails to restrict the Perforce P4web web client being accessed by users , it results in exposing the internal data.
For a security reasons, we are not providing the vulnerable link here. The URL allows us to read the internal data including email IDs of Employees, Full Name. It also exposes the Internal system directory and computer names, Source codes.
"An application only protects sensitive functionality by preventing the display of links or URLs to unauthorized users. Attackers can use this weakness to access and perform unauthorized operations by accessing those URLs directly." Researcher said.
The researcher notified Adobe before few months but they failed to respond to them. We have also notified Adobe about the vulnerability but there is no response from their side.