I found a security vulnerability on quicken.com that I’m trying to responsibly disclose (CVSS 5.3). I sent an email to [email protected] on December 19, but I haven’t heard back from anyone yet. Does anyone have an idea on how to contact them?
1 Like
I was just browsing through their support forum, they seem to monitor it well, for example:
Terms page mentions Secu* around 18 times, but info.
Apparently they want postcards sent to: * Developer Contact Info: Direct any questions, complaints or claims to: Quicken Inc., 3760 Haven Ave, Menlo Park, CA 94025 or visit https://www.quicken.com/ to access Support.
But in all seriousness, the forum there seem monitored, I would even hijack the Morgan Stanley Security Enhancement thread, or create a new one:
Examples
I would reply to one of those threads, or post a new one.
Quicken is absolutely huge so this is a doozy, @caseyjohnellis you know anyone?
Sorry I didn’t see this earlier!
I was able to get in touch with them via DMing @Quicken_Care on Twitter.