Jump to content
  • 0

How to report Security Vulnerability?

rAcKShen

Asked by rAcKShen,

 Share

Question

rAcKShen Member

rAcKShen

Posted
Posted

Found two security issues. Not critical software bugs. But one scores high. Did not calculate the other. And they are not in the building blocks used by Keenetic but in the configuration. So, for me, nothing to report upstream to any open-source project. I have report to Keenetic directly. Fixing them, I do not think they are very complex, should be not more than one line of code. So, worth to be reported.

Many companies go for FIRST and make it easy for security researchers by providing a secure communication channel/contact/E-mail (via the provided public OpenPGP key). Does anyone know how Keenetic likes it? OpenPGP or S/MIME? Do I go for my local country support? Or a global E-mail address (tried security@ and psirt@ but failed)? Or do we go for private messages via this board (would be OK for me)? Or do we go via GitHub (no policy posted)?

5 answers to this question

Recommended Posts

  • 0
KYTECHNGAMING Honored Flooder

KYTECHNGAMING

Posted
Posted
15 minutes ago, rAcKShen said:

Found two security issues. Not critical software bugs. But one scores high. Did not calculate the other. And they are not in the building blocks used by Keenetic but in the configuration. So, for me, nothing to report upstream to any open-source project. I have report to Keenetic directly. Fixing them, I do not think they are very complex, should be not more than one line of code. So, worth to be reported.

Many companies go for FIRST and make it easy for security researchers by providing a secure communication channel/contact/E-mail (via the provided public OpenPGP key). Does anyone know how Keenetic likes it? OpenPGP or S/MIME? Do I go for my local country support? Or a global E-mail address (tried security@ and psirt@ but failed)? Or do we go for private messages via this board (would be OK for me)? Or do we go via GitHub (no policy posted)?

Go to your https://keenetic.cloud/

and click Support link. 

or it is shortcut for you. https://help.keenetic.com/hc/en-us/requests/new

  • 0
admin Honored Flooder

admin

Posted
Posted
2 hours ago, rAcKShen said:

Do I go for my local country support? Or a global E-mail address

Please, drop a message to support@keenetic.de. It makes no sense to open this kind of discussion here.

  • 0
rAcKShen Member

rAcKShen

Posted
  • Author
Posted

I tried that first: #10407. However, they did not know about the procedure at all. Therefore, I tried several possible E-mail addresses. And then tried here. Not sure how to proceed.

  • 0
admin Honored Flooder

admin

Posted
Posted
19 hours ago, rAcKShen said:

Therefore, I tried several possible E-mail addresses. And then tried here. Not sure how to proceed.

Please continue with support@keenetic.de, that's the proper contact window for you. They will have to work out the procedure, even if it doesn't exist now.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...