If you upload a file to support.kace.com as part of a ticket, it can be readily downloaded by simply guessing the link. [Edit: Self censored to remove specifics as favor to Kace since they have a plan to resolve].

So before you upload a file to them you may want to think twice about its contents. At a minimum, name the file something unique; it won't protect against someone accessing the link via HTTP, but it's something. I would recommend uploading files encrypted though. It should be ok to put the password in the ticket as long as there isn't a known way to read ticket notes without authenticating (and it appears you can't log into tickets without being redirected to https).

I've brought this issue up to Kace Support in the past (as far back as 2011) and as of this writing, the issue still persists. I for the life of me can't understand why they allow files to be downloaded from a ticket without proper authentication.


UPDATE: Per bkelly's response below as well as my own testing, the issue has been addressed by requiring authentication. Nice!