ict:responsible-disclosure
Differences
This shows you the differences between two versions of the page.
ict:responsible-disclosure [2018/04/14 17:36] – external edit 127.0.0.1 | ict:responsible-disclosure [2020/09/09 08:39] (current) – [Configuration Issues] jonathan | ||
---|---|---|---|
Line 12: | Line 12: | ||
If these conditions are adhered to, we promise in return: | If these conditions are adhered to, we promise in return: | ||
- | * to reply to your e-mail within | + | * to reply to your e-mail within |
- | * to fix the vulnerability within | + | * to fix the vulnerability within |
* to give you credit for disclosing the bug and/or vulnerability; | * to give you credit for disclosing the bug and/or vulnerability; | ||
* to allow you to publicly disclose the bug and/or vulnerability after we have fixed it, if you so wish; | * to allow you to publicly disclose the bug and/or vulnerability after we have fixed it, if you so wish; | ||
Line 19: | Line 19: | ||
Please keep in mind that this IT environment is run by volunteering students. While we take security incidents very serious, we don't have a dedicated, full-time team watching our security mailbox. | Please keep in mind that this IT environment is run by volunteering students. While we take security incidents very serious, we don't have a dedicated, full-time team watching our security mailbox. | ||
+ | |||
+ | ====== Known configuration issues ====== | ||
+ | Due to the number of duplicate reports, please be sure to check the list below for known issues. | ||
+ | |||
+ | * Our e-mail domains don't have any DKIM records present due to a technical incompatibility. We make do with SPF records. | ||
+ | * There is no option to invalidate your own account sessions. We haven' | ||
====== PGP keys ====== | ====== PGP keys ====== | ||
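Review bot: the new "Known configuration issues" section asks reporters to check the list but does not say what happens to a report about a listed item, in particular whether the reply and credit promised in the list above still apply. One sentence stating that reports of listed issues are treated as known would close that gap. In the DKIM bullet, "a technical incompatibility" is vague; naming what is incompatible would make it clearer to reporters why SPF is the only control in place.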
Line 28: | Line 34: | ||
====== Hall of Fame ๐ ====== | ====== Hall of Fame ๐ ====== | ||
- | The following people have already responsibly disclosed a security vulnerability in our website. A huge thanks to them! ๐๐ฝ | + | The following people have already responsibly disclosed a security vulnerability |
+ | ===== Security Vulnerabilities ===== | ||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
* **Wouter Kobes** disclosed that it was possible for any user to change the profile photo of any other user on //March 15, 2018//. | * **Wouter Kobes** disclosed that it was possible for any user to change the profile photo of any other user on //March 15, 2018//. | ||
+ | |||
+ | ===== Configuration Issues ===== | ||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
+ | * **[[https:// | ||
+ | * **[[https:// |
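Review bot: the two new subsection headings, "Security Vulnerabilities" and "Configuration Issues", use title case, while the section added earlier in this revision is headed "Known configuration issues"; pick one capitalisation for all three. Since the page now complains about duplicate configuration reports, the "Configuration Issues" subsection should also link back to the "Known configuration issues" list so readers of the Hall of Fame see which items are already known.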
ict/responsible-disclosure.1523720199.txt.gz · Last modified: 2018/04/14 17:36 by 127.0.0.1