Major security issue with sharing permissions in Sharefile

  • 1
  • Problem
  • Updated 5 years ago
  • Acknowledged
  • (Edited)
Since a couple of weeks we have a huge issue regarding sharing permissions. When you share a specific folder with an other user, that user will have access rights not only to that specific folder but to all folders and files! The user is added on root level.  And removing the user is not possible, since you can't change sharing rights on the level of "my files and folders" Even as admin you are not allowed to do so.
The issue is in the mobile apps as well as on the web interface.

I've asked sharefile support about this issue and got the following reply:

Allowing users to be added to the "My Files and Folders" section is a known issue with the mobile apps. Unfortunately, it is not possible to reverse these changes with either the app itself or the web interface.


In order to remove the user from the home folder, we would need to submit a request for our engineering team to complete this process on your behalf. Please let us know the user you want to be removed as well as which user's "My Files and Folders" section they were added to.

I find this very alarming. The whole concept of an enterprise secure filesharing system is gone. And Citrix just tells you, sorry... Known issue...

I trust Sharefile to share one folder or file with a colleague or an external person and instread they have access to all my files!!! Rather unbelievable Citrix won't fix this with highest priority.

 

 

 

Photo of Mike Poodt

Mike Poodt

  • 2 Posts
  • 0 Reply Likes
  • very disappointed and frustrated

Posted 5 years ago

  • 1
Photo of Justin Wall

Justin Wall

  • 143 Posts
  • 10 Reply Likes
Mike,

Thank you for posting. One of our Customer Care Managers, Allison, should be in contact with you concerning the issue.
Please let me know if you have any further questions or concerns. 
Photo of Mike Poodt

Mike Poodt

  • 2 Posts
  • 0 Reply Likes
Thanks Justin,
Allison did indeed contact me. I have to update the issue a bit. The issue I posted is ONLY an issue for sharing folders via the app, not via the web interface.
The issue seems to be fixed in the next update of the app.
I hope that update will follow very shortly, since most of our users are using the app as primary tool. Sharing via the app is a frequently used feature.
What alarms me the most is that this is quite a security issue for the users of the app. And I've seen no warnings or information about this. I have no clue if users have seen information not meant for them.

Thanks   
Photo of Justin Wall

Justin Wall

  • 143 Posts
  • 10 Reply Likes
Mike,

The apps including the fix (for the iPhone and iPad) are now available for download. MDM and MDX versions of the apps are available as well. 

I apologize for the inconvenience and understand your concern. Please let me know if you have any further questions.
(Edited)