Hacker News
by josu 889 days ago
>October 18, 2023: I noticed the vulnerability is now fixed – the email sending API now requires authentication. I ask CERT-In if TTIBI can offer a bug bounty reward.

>TTIBI never responded to the question, so I decided to close the case on December 22 and CERT-In sent me a nice appreciation letter.

The letter:

"Dear Eaton Zveare,

This email is written in appreciation and recognition of your efforts for bringing our attention to the "Cryptographic Failures" in one of the Indian websites on 08.08.2023. The role of responsible security researchers is pivotal for creating a secure cyber ecosystem and CERT-In strongly believes in working actively with a researcher like you for the discovery of cyber security vulnerabilities and their subsequent remediation in a responsible manner.

We look forward to your valuable contribution in future as well.

Thanks & Regards"

https://eaton-works.com/cdn-cgi/imagedelivery/VwwCqBIYNXeyNQ...