General update
11/19/2024, 9:21:31 AM (about 1 month ago)

Dear researcher

Before we reopen our public VDP again, we want to fix all the vulnerabilities you found. We are still in this process and for the amount of different systems there are in use, this will take some more time. We will update you here as soon as we reopen the VDP program.

In the meantime, we invited some researchers to our private bug bounty program.

Thank you for your patience and all your hard work!

Best regards
Arbonianer

Suspending Public VDP Program
10/2/2024, 6:02:17 AM (3 months ago)
10/2/2024, 6:04:02 AM

Dear all

First of all, thank you very much for your submissions.
Based on the findings, and especially based on technical damage which hit some of our systems, we are forced to suspend the Public VDP program.
As soon as we continue, we will inform you again.

Best regards
pimporillo

Change of Scope and rules of engagement
10/1/2024, 2:00:07 PM (3 months ago)
10/1/2024, 2:01:18 PM

Dear all

Thank you for all your work in our VDP.

We made some slight changes to our scope:

  • deleted the wildcard *-pruem.de and created the fixed URLs instead
  • took *.puertasdile.com out of scope for the moment
  • put *.arbonia.com back in scope

On puertasdile.com, we indicated changes made in the database and overwritten data due to testing. We can't accept such behavior and strongly ask you to follow our rules of engagement!

Also keep in mind the Intigriti code of conduct which expects you to adhere to program rules at all times.
https://kb.intigriti.com/en/articles/5247238-community-code-of-conduct

Thank you and best regards
Arbonianer

Change of Scope
9/25/2024, 2:11:20 PM (3 months ago)

Dear all

We took https://*.arbonia.com out of scope because of timeouts on the homepage.

We will update you as soon as you can test *.arbonia.com again.

Thank you for your understanding.

Best regards
Arbonianer

Lowered the maximum for automated tooling
9/25/2024, 10:02:51 AM (3 months ago)
9/25/2024, 12:00:59 PM

Dear all

We are very thankful for all your hard work.

Unfortunately, some services were overloaded with the amount of requests.
That's why we lowered the maximum to two requests per second for automated tooling in our rules of engagement.

Furthermore, we registered some exploit tries with more than the allowed requests per second and also e-mail bombing over online forms.
We therefore kindly ask you to follow the rules of engagement so that the impact on our business is as low as possible.

Thank you very much and have a wonderful day!

Best regards
Arbonianer

What a start!
9/24/2024, 3:24:24 PM (3 months ago)

Dear all

Thank you very much for all your hard work and submissions you provided us on the first day of this program.

I'm curious to see what else you'll find. In the meantime, we've taken the domain roziere.fr out of scope to do some further checks.

For everything else, I wish you happy hunting!

Best regards
Arbonianer

Welcome to the Arbonia VDP program
9/24/2024, 6:08:53 AM (3 months ago)

We are happy to announce our public VDP program! We've done our best to clean up our known issues and now would like to request your help to spot the ones we missed!