Security risk - Disclosure of Share names

I come from a Corporate background where “need to know” is a key cornerstone of Security.  In effect, you disclose only the information each user needs to know to perform their task.  With that in mind…

When users contact the WD My Cloud, before authenticating with username/password, all Share names on the My Cloud are disclosed to the user.  This is a BIG no-no.  Only after the user successfully authenticates should they be permitted to see only the Shares to which they have access.  Disclosure gives the hacker unnecessary information that could assist their breakin, and can focus their efforts on Shares that seem most promising.

Please update My Cloud to require user authentication before disclosing ANYTHING about its content.  After authentication, disclose only Shares to which they are authorized.

6 Likes