Zack Whittaker reports:
A security research firm has released details of a “critical” flaw in a security tool, despite being threatened with legal threats.
Munich-based ESNC published a security advisory last week detailing how a remotely exploitable bug in a security tool, developed by auditing and tax giant PwC, could allow an attacker to gain unauthorized access to an affected SAP system.
[…]
The corporate giant argued that ESNC shouldn’t have had access to the software in the first place, as it wasn’t a licensed partner.
“ESNC did not receive authorized access or a license to use this software. The software is not publicly available and was only properly accessed by those with licenses, such as PwC clients working with trained PwC staff,” said the spokesperson.
Read more on ZDNet.
This is yet another reminder of why the federal statute, CFAA, needs to be updated and to include protection for researchers.