Looking for a security contact at crocs.com

I found a security vulnerability at crocs.com. I looked for security.txt or emails,etc but found nothing.

1 Like

Let me look into this for you. What is the classification of vulnerability? @vm_sachin

Reflected xss
Also 5-10 open redirects

Alright, let me see if I can get a contact for you.

@vm_sachin Here’s my offical, “Find that contact thread” on Twitter.

After a short couple of minutes, I have found that Crocs outsources their Security to Optiv managed services. I am working on getting a point of contact for you.

2 Likes

Hi. I’m in contact with a few people who may be able to get us to the right person. I will coordinate with you via DM.

1 Like

Still waiting for updates

3/2/2021: UPDATE
@vm_sachin I have received some updates from the Managed Services provider. I have a phone call with him today to discuss the vulnerabilities disclosed and then we can close the loop via e-mail you provided.

1 Like

You have been included in an email forward. Please introduce yourself to the individual in the email chain and takeover from here. I’ll be around if you have any questions.

1 Like

Just sent him the email. Can’t wait to get this fixed. Again Thank you for the help.

1 Like

Let us know when it’s resolved!

2 Likes

It’s been a couple of weeks, I would send a follow-up email to ask on the vulnerability patching process.

It’s still not patched yet. I mailed them for an update but no replies yet.

1 Like

When did you email them for an update?

1 Like

around 5 days ago (this 20 char limit is odd)

2 Likes

I’m going to bump this up for you via email.

We received an email response. The vulnerabilities should be addressed in the next month, which is fairly standard for medium severity vulnerabilities.

Please reply on this thread if you do not receive a response by 4/21 @vm_sachin

1 Like

Just checked the email. Thnx for asking on my behalf :hugs:

1 Like