I found a security vulnerability at crocs.com. I looked for security.txt or emails,etc but found nothing.
Let me look into this for you. What is the classification of vulnerability? @vm_sachin
Also 5-10 open redirects
Alright, let me see if I can get a contact for you.
@vm_sachin Here’s my offical, “Find that contact thread” on Twitter.
After a short couple of minutes, I have found that Crocs outsources their Security to Optiv managed services. I am working on getting a point of contact for you.
Hi. I’m in contact with a few people who may be able to get us to the right person. I will coordinate with you via DM.
Still waiting for updates
@vm_sachin I have received some updates from the Managed Services provider. I have a phone call with him today to discuss the vulnerabilities disclosed and then we can close the loop via e-mail you provided.
You have been included in an email forward. Please introduce yourself to the individual in the email chain and takeover from here. I’ll be around if you have any questions.
Just sent him the email. Can’t wait to get this fixed. Again Thank you for the help.
Let us know when it’s resolved!
It’s been a couple of weeks, I would send a follow-up email to ask on the vulnerability patching process.
It’s still not patched yet. I mailed them for an update but no replies yet.
When did you email them for an update?
around 5 days ago (this 20 char limit is odd)
I’m going to bump this up for you via email.
We received an email response. The vulnerabilities should be addressed in the next month, which is fairly standard for medium severity vulnerabilities.
Please reply on this thread if you do not receive a response by 4/21 @vm_sachin
Just checked the email. Thnx for asking on my behalf