Sydney security tester Jamieson O'Reilly has reported a since-patched vulnerability in popular video platform Vidyo, used by the likes of the US Army, NASA, and CERN, that could see videos leaked and systems compromised.
O'Reilly, director of intelligence for consultancy Content Protection, says he picked up the bug during a client test and reported it to the New Jersey video company, which has since issued a patch.
The company says some 3000 Fortune 100 SMB customers and 39 of the top 100 healthcare networks in the US use the product, together clocking more than 50 million minutes in talk time.
"I ended up finding an arbitrary file disclosure vulnerability," O'Reilly told The Register.
"There are a lot of publicly accessible Vidyo endpoints that are probably vulnerable that you can identify using Google."
O'Reilly says patch version 184.108.40.206 has been released to close the hole.