Acknowledgements
Responsible disclosure acknowledgements for security researchers who successfully identified and reported vulnerabilities to HEMA.
acknowledgements
On this page we acknowledge those who successfully identified and reported vulnerabilities on HEMA systems. Mentions on this webpage are reserved for those who reported qualified vulnerabilities and followed the responsible disclosure process.
Being mentioned on this webpage is voluntary and at the discretion of the security researcher. As such, not all individuals are listed. Naturally, our gratitude also extends to them.
hall of fame
A big thanks to the following individuals, who responsibly disclosed vulnerabilities to us:
- Jonathan Bouman - Reflected XSS
- Zin Min Phyo - SSRF, Unvalidated redirect and exposure of an administrative interface.
- Dinesh Kumar K - Unvalidated redirect and CRLF Injection.
- Raghuram G - Subdomain hijacking, multiple high-risk CSRF vulnerabilities and sensitive information disclosure.
- Mark Fijneman - Three high risk IDOR vulnerabilities, XSS, SSRF, LFI, and several other findings.
- Koen van de Lest - Reflected XSS and Client-side Validation Bypass.
- Ruben Meeuwissen - Semi-stored XSS.
- Albith Damodoran - Reflected XSS.
- Siva Reddy - Account sessions not terminated on password change.
- Anindya Ghoshal - XSS and insufficient request limiting.
- Ali Good Luck - Sensitive Data Exposure.
- Brijesh (Redhet) - Sensitive Data Exposure.
- Ranjeet Kumar Singh (geekboyranjeet) - Cross-Site Request Forgery (CSRF).
- Daan Slager - Hardcoded sensitive information.
- Chirag Ketan Prajapati aka [CYBERTIX] - Header based CSS injection, CSRF and multiple information disclosures
- Anonymous security researchers that did not wish to be publicly referenced.
HEMA is grateful for your investigation and for sharing your technical knowledge with us. In doing so, you help us and other organizations become more secure.