Responsible Disclosure - NDIX

Responsible Disclosure

At NDIX, we consider the security of our systems very important. Despite our care for the security of our systems, a weak spot might still occur.

If you have found a vulnerability in one of our systems, we would like to hear about it so we can take the required security measures as quickly as possible. We would like to work with you to better protect our customers and our systems.

We ask you:

  • To email your findings to responsibledisclosure@ndix.net,
  • Not to misuse the problem by, for example, downloading more data than necessary to demonstrate the leak or accessing, deleting or modifying third-party data,
  • Not to share the problem with others until it is resolved and to delete all confidential data obtained through the leak immediately after the leak is closed,
  • Not to use physical security attacks, social engineering, distributed denial of service, spam or third-party applications, and
  • To provide sufficient information to reproduce the problem so that we can fix it as soon as possible. Usually the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more may be required for more complex vulnerabilities.

What we promise:

  • We will respond to your report within 5 working days with our assessment of the report and an expected date for a resolution,
  • If you have complied with the above conditions, we will not take any legal action against you regarding the report,
  • We will treat your report confidentially and will not share your personal information with third parties without your consent unless necessary to comply with legal obligations. Reporting under a pseudonym is possible,
  • We will keep you informed of the progress in resolving the problem,
  • In notifying you of the reported problem, we will, if you wish, include your name as the discoverer.

We aim to resolve all problems as soon as possible and we will be happy to be involved in any publication about the problem after it is resolved.

Welcome to our Hall of Fame

This is a space dedicated to recognizing and appreciating individuals who have contributed significantly to our digital safety by responsibly reporting vulnerabilities. We extend our heartfelt gratitude to these exceptional individuals, whose efforts have played a crucial role in strengthening our defenses against cyber threats. Their vigilance and commitment to responsible disclosure are invaluable in creating a more secure and resilient digital landscape.

2024

Name: Suresh S.
Reported: Information Exposure Through Directory Listing
Status: Resolved

Name: Gaurang maheta
Reported: CVE-2017-5487
Status: Resolved

Name: Mridul Rastogi
Reported: Absence of MTA-STS record
Status: Ongoing

Name: Mridul Rastogi
Reported: CWE-346
Status: Closed

Name: Yash Ahmed Quashim
Issue: CWE-346 invalid DMARC
Status: Resolved

Name: SASI KUMAR R
Issue: RFC 6844
Status: Closed

Name: Joel Mathias
Issue: No Rate Limit On Report bug
Status: Closed

Name: Bharath Kalyan
Issue: No rate limit on login page
Status: Closed

Name: Sanjith Roshan
Issue: Password Reset Link No CVE
Status: Closed