Fuze, a maker of popular enterprise-grade voice-over-IP handsets, earlier this year patched three vulnerabilities that exposed user account information and enabled unauthorized authentication.
The issues were made public today by researchers at Rapid7 who privately disclosed the flaws on April 12. Fuze turned around fixes for each of the vulnerabilities by May 6, but public disclosure was delayed until today.
Full Article.