Endouble is dedicated to protecting the security and privacy of our clients, visitors and users of systems and services provided by us. We are committed to working with security researchers and reviewing all their reports concerning possible vulnerabilities. Our Responsible Disclosure program allows us to minimise the risk of vulnerabilities and is part of a process of continuous improvement of our services.

If you, as a security researcher, comply with the guidelines provided in this Responsible Disclosure policy, Endouble will not take legal action against you.

Guidelines:

  • Do not disrupt or degrade our services (e.g. DoS).
  • Avoid accessing, modifying or removing data that belongs to Endouble or our clients.
  • Please include details of the vulnerabilities in your report, as well as the steps required for us to reproduce them, and a Proof of Concept (PoC) if possible.
  • If you gain access to confidential information from Endouble or its clients, especially Personally Identifiable Information (PII), do not share it with any third party, and report the access to PII to Endouble.

Vulnerabilities in scope:

Below you will find a list of vulnerabilities that we find most important for our products and services. That does not mean we will not review reports that provide us with information about other types of vulnerabilities, but these will most probably be assigned much lower priority.
Please also remember that all Social Engineering (SE) attempts are completely out of scope. Please refrain from sending us phishing emails or placing phone calls that use SE techniques on our employees or clients.

We are interested in:

  • Sensitive data exposure
  • Cross-site request forgery (CSRF/XSRF)
  • Cross-site scripting (XSS)
  • Authentication bypass
  • Remote code execution
  • SQL Injection
  • Privilege escalation

Please allow us a reasonable time frame to fix the disclosed vulnerabilities before publicly discussing or revealing information about them.

Contact

The best way to contact us is to send us an email at security@endouble.com.

If you would like to attach any confidential information (e.g. credentials, PoCs, personal information), it is very important that you use the Endouble PGP key to encrypt all correspondence with us. Just remember to share your public key first!

If you don’t want to use PGP, please contact us first to establish a secure channel of communication before sending us any confidential information via plaintext email.

If you would like to hear back from us, please provide us with your name (company name) and contact information together with your report.

Endouble Public Key

PGP: 0x441B2FF4ECFADD39
