I found a security vulnerability at crocs.com. I looked for security.txt or emails,etc but found nothing.
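The first post shows the failure mode on the vendor side: a researcher looks for `/.well-known/security.txt` and finds nothing, so disclosure stalls on finding a contact. The following is an added example, not code from this thread or from any party mentioned in it, showing how a site owner can generate an RFC 9116 security.txt and sanity-check it before publishing; the contact address and policy URL are placeholders.

```python
"""Generate and check a minimal RFC 9116 security.txt (added example, not from the thread).

Assumptions: every address and URL below is a placeholder to be replaced with the
organisation's real values; the file is served at /.well-known/security.txt over HTTPS.
"""
from datetime import datetime, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"        # RFC 3339 timestamp in UTC, as Expires requires
REQUIRED = ("Contact", "Expires")       # the two fields RFC 9116 makes mandatory
CONTACT_SCHEMES = ("mailto:", "https://", "tel:")


def build_security_txt(contacts, expires, policy=None, languages=None):
    """Return the file body. `contacts` are URIs, `expires` is a UTC timestamp string."""
    lines = [f"Contact: {c}" for c in contacts]
    lines.append(f"Expires: {expires}")
    if policy:
        lines.append(f"Policy: {policy}")
    if languages:
        lines.append("Preferred-Languages: " + ", ".join(languages))
    return "\n".join(lines) + "\n"


def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means the basic RFC 9116 checks pass."""
    now_dt = (datetime.strptime(now, TS_FORMAT) if now
              else datetime.now(timezone.utc).replace(tzinfo=None))
    fields, problems = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments are allowed
            continue
        if ":" not in line:
            problems.append(f"malformed line: {line!r}")
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip(), []).append(value.strip())

    for name in REQUIRED:
        if name not in fields:
            problems.append(f"missing required field: {name}")
    if len(fields.get("Expires", [])) > 1:
        problems.append("Expires must appear exactly once")
    for contact in fields.get("Contact", []):
        if not contact.startswith(CONTACT_SCHEMES):
            problems.append(f"Contact must be a mailto:, https: or tel: URI: {contact}")
    for stamp in fields.get("Expires", []):
        try:
            expires_dt = datetime.strptime(stamp, TS_FORMAT)
        except ValueError:
            problems.append(f"Expires is not an RFC 3339 UTC timestamp: {stamp}")
            continue
        if expires_dt <= now_dt:
            problems.append("Expires is in the past; researchers will treat the file as stale")
    return problems


if __name__ == "__main__":
    # Placeholder values (constructed for the example).
    body = build_security_txt(
        ["mailto:security@example.com", "https://example.com/report"],
        "2030-01-01T00:00:00Z",
        policy="https://example.com/disclosure-policy",
        languages=["en"],
    )
    print(body)
    print("problems:", check_security_txt(body))
```

Publishing this file, and keeping Expires current, is the cheapest fix for the situation in the thread: the researcher finds the contact on the first try instead of needing a third party to locate the managed-services provider.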
Let me look into this for you. What is the classification of vulnerability? @vm_sachin
Reflected XSS
Also 5-10 open redirects
Alright, let me see if I can get a contact for you.
@vm_sachin Here's my official "Find that contact thread" on Twitter.
After a short couple of minutes, I have found that Crocs outsources their Security to Optiv managed services. I am working on getting a point of contact for you.
Hi. I'm in contact with a few people who may be able to get us to the right person. I will coordinate with you via DM.
Still waiting for updates
3/2/2021: UPDATE
@vm_sachin I have received some updates from the Managed Services provider. I have a phone call with him today to discuss the vulnerabilities disclosed and then we can close the loop via e-mail you provided.
You have been included in an email forward. Please introduce yourself to the individual in the email chain and take over from here. I'll be around if you have any questions.
Just sent him the email. Can't wait to get this fixed. Again, thank you for the help.
Let us know when it's resolved!
It's been a couple of weeks; I would send a follow-up email to ask about the vulnerability patching process.
It's still not patched yet. I mailed them for an update but no replies yet.
When did you email them for an update?
around 5 days ago (this 20 char limit is odd)
I'm going to bump this up for you via email.
We received an email response. The vulnerabilities should be addressed in the next month, which is fairly standard for medium severity vulnerabilities.
Please reply on this thread if you do not receive a response by 4/21 @vm_sachin
Just checked the email. Thanks for asking on my behalf.
Checking back in on this - How did you go @vm_sachin?