Whilst no attempt was made by the researcher to reach out to us and responsibly disclose his findings prior to public publication, we do not believe this vulnerability to be valid. Furthermore, we dispute the assigned CVSS (Common Vulnerability Scoring System) score of 7.5.
The supposed vulnerability allowed a user to bypass the login screen for our software's public demo. However, we already publicly listed the credentials users could use to log in to the demo on the login page itself (i.e. these demo credentials were already knowingly in the public domain).
Therefore, at no time did this supposed "exploit" disclose any sensitive information, or allow an "attacker" to gain any form of elevated access to our public demo. It also did not affect any of our customers' MIDAS systems.