"vulnerability stemmed from .... sharing a URL without any additional log-in or authentication. The URL contained the actual document ID and thus other documents could be viewed simply by changing the number in the URL. The URLs .... did not expire." squirepattonboggs.com/-/medi…