Acknowledgements

Table of Contents

responsible disclosure acknowledgements for security researchers who succesfully identified and reported vulnerabilities to HEMA.

acknowledgements #

On this page we acknowledge those who successfully identified and reported vulnerabilities on HEMA systems. Mentions on this webpage are reserved for those who reported qualified vulnerabilities and followed the responsible disclosure process.

Being mentioned on this webpage is voluntarily and at the discretion of the security researcher. As such, not all individuals are listed. Naturally, our gratitude also extents to them.

hall of fame #

A big thanks to the following individuals, who responsible disclosed vulnerabilities to us:

Jonathan Bouman - Reflected XSS
Zin Min Phyo - SSRF, Unvalidated redirect and exposure of an administrative interface.
Dinesh Kumar K - Unvalidated redirect and CRLF Injection.
Raghuram G - Subdomain hijacking, multiple high-risk CSRF vulnerabilities and sensitive information disclosure.
Mark Fijneman - Two high risk IDOR vulnerabilities.
Koen van de Lest - Reflected XSS and Client-side Validation Bypass.
Ruben Meeuwissen - Semi-stored XSS.
Albith Damodoran - Reflected XSS.
Siva Reddy - Account sessions not terminated on password change.
Anindya Ghoshal - XSS and insufficient request limiting
Anonymous security researchers that did not wish to be publicly referenced.

HEMA is grateful for your investigation and for sharing your technical knowledge with us. As such, you help us and other organizations becoming more secure.