
Response Electronics

Help: 0345 257 2500


Vulnerability Disclosure

Last updated: 11th November 2019, 12:57pm GMT 

 

Listed below are potential vulnerabilities raised against ERA products, software and services, together with the actions taken by ERA Home Security Ltd in response.

 

| Date Raised | Vulnerability | Date of Response | ERA Response |
|---|---|---|---|
| 6th November 2019 | SSL cookie without secure flag set - responseelectronics.com | | |
| 7th November 2019 | Vulnerable version of the library 'jquery' found – eraeverywhere.com | | |
| 11th November 2019 | Vulnerable version of the library 'jquery' found - responseelectronics.com | | |
| 11th November 2019 | Account takeover using CSRF - responseelectronics.com | | |
| 11th November 2019 | Cookie without Http Only flag set – responseelectronics.com | | |
| 11th November 2019 | Cookie without Http Only flag set – eraeverywhere.com | | |
| 11th November 2019 | Cookies were issued by the application and do not have the secure flag set – eraeverywhere.com | | |
| 11th November 2019 | Vulnerable version of the library 'angularjs' found – eraeverywhere.com | | |

ERA Vulnerability Disclosure - How to report

At ERA, we take the security of our products and services seriously, so it is immensely useful for us to get any feedback from researchers that can help develop our services. 

We operate a reporting procedure for the responsible disclosure of any security vulnerabilities. If you are involved with security research, please find details below:

 

How to report a suspected security vulnerability:

If you believe you’ve found a potential vulnerability, please let us know by filling out the responsible disclosure form below and give us as much detail about it as possible.

Please do not make any information about any vulnerabilities public or do anything else that may put our customers’ data or our intellectual property at risk. And do not degrade our systems.

 

What actions will we take?

We will acknowledge your disclosure form and review the reported issue. After investigation, if there is an issue, we will provide an estimate for how long a resolution will take.  

 

Activity that we do not allow:

We do not allow any activity that may interfere with customers using our services, or any activity that may result in the modification, deletion or unauthorised disclosure of our intellectual property or personal customer data. Please find specific examples of this below:

  • Public disclosure of personal, proprietary or financial information
  • The modification or deletion of data that isn’t yours
  • Interruption, degradation or outage to services (like Denial of Service attacks)
  • Spamming / social engineering / phishing attacks
  • Physical exploits and/or attacks on our infrastructure
  • Local network-based attacks such as DNS poisoning or ARP spoofing

 

Vulnerability disclosures that are out of scope of our vulnerability disclosure policy:

  • Accessible non-sensitive files and directories (e.g. README.txt, robots.txt, etc.)
  • Fingerprinting / banner / version disclosure of common / public services
  • Username / email enumeration by brute forcing or by inference of certain error messages – except in exceptional circumstances (e.g. the ability to enumerate email addresses by incrementing a variable)

 

Reporting Form

Details of the Issue

Attachments

If you have any attachments, screenshots, etc. to send, please email them to info@responseelectronics.com

Contact Details

Help & Advice required?

Don't forget if you need any help you can always talk to our Customer Support helpline