REPORT

Read Forrester’s People Analytics Landscape Report –  Download now →

  • Home
  • Responsible disclosure program

Responsible Disclosure Program

Operational efficiency is the relationship between an organization’s output and input, that when healthy, helps businesses cut down on unnecessary costs while increasing revenue. It’s what businesses strive to do: produce a high-quality product at scale with as few resources as possible. At ActivTrak we value and welcome ethical hackers to find and report vulnerabilities to us. Our RDP guidelines are listed below

Guidelines

  • Please avoid any privacy violations, degradations, and disruption to the availability of our production systems during your testing.
  • Do not attempt to brute-force or spam our systems.
  • If the identified vulnerability can potentially extract information about our customers or systems, or impair our systems' ability to function normally, then please refrain from actually exploiting such a vulnerability. This is necessary for us to consider your disclosure a responsible one.
  • Please keep your disclosure confidential between yourself and ActivTrak until we resolve the issue.
  • We will update each submission with significant events, including confirmed validation, information requests, and if you have qualified for a reward or recognition.
  • We will do our best to fix issues in a short timeframe.
  • Submissions may be closed if a reporter is non-responsive to requests for information after seven days.

Scope

The following are in scope as part of our Responsible Disclosure Program:

The following are not in scope as part of our Responsible Disclosure Program:

  • Our “Create Free Account” form and all forms on www.activtrak.com
  • Our Careers page on https://www.activtrak.com/careers/
  • Our ActivTrak Help Center on https://support.activtrak.com/hc/en-us
  • Vulnerabilities identified with automated tools (including web scanners) that do not
    include proof-of-concept code or a demonstrated exploit.
  • Third-party applications, websites or services that integrate with or link to ActivTrak.
  • Discovery of any in-use service (vulnerable third-party code, for example) whose running version includes known vulnerabilities without demonstrating an existing security impact.
  • Findings derived primarily from social engineering (e.g., phishing, vishing).
  • Functional, UI, and UX bugs and spelling mistakes.
  • Network-level Denial of Service (DoS/DDoS) vulnerabilities.
  • Our mail servers or MX records.

Vulnerability Submissions

Please report any security issues you find to [email protected]. If your submission contains any sensitive vulnerability information, please encrypt it using our PGP public key
at the bottom of this page.

Please include the following in your submission:

  • Your name and contact information.
  • Company name (if applicable).
  • A detailed description of the potential vulnerability.
  • Exact steps to reproduce the issue, including any associated URL and parameters
    demonstrating the vulnerability.
  • The relevant details of your system’s configuration, such as any browser or user-agent
    information and operating system version.
  • Your IP address and ActivTrak account, so we can coordinate your activity with our logs.

Reward

We may grant an award after verifying that the vulnerability is reproducible, unique, and can impact our customers. Each submission will be evaluated case-by-case. The decision and amount of the reward will be at our discretion. Even if we cannot offer monetary compensation, we would be glad to publicly acknowledge your contribution in the Hall of Fame section on our website with your permission.

Thank You

We want to make sure to sincerely thank you for your disclosing responsibly and working with us to improve our security. We understand the work and talent you’ve put into finding these issues and appreciate you reaching out to us.

Our PGP Key

If you are submitting sensitive vulnerability information or wish to communicate with us privately about your concern, you can use the following PGP key to encrypt your message.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGCJzL4BEADwhR63jB2/N9CI+kykQI5ouTOV0tcPgmi3xrl2f9wWgzFtBAtR
VZXaEks1rsDTbKYV7yztu5c24txPxKIxwjhuuG6d/ldAV178gBCzJaT9LACr193R
cubvW0S60/dtcf4q3F8Nh9c65zAYNi8j2DOinM8ygeegPAH1fPy7CIqCliMZSc+p
xlTU66czQyoggE8nKRO3GWnhocMzIDxXujCrAF/Hmg0EyWcPcvy1uhRSjbkG6I8W
jCzzLorQVmO1ckAeiRzANzg/OBz9b16UQExWSudPGqjJnj4lmrQDbEsOAsfF15xx
Yuy5Z/eDKCP5usHYeCOvmZWlIdT9UdKaqKTBj58fnc6ITUnA7LAkjoW6RhhexksM
t0Z2NtDl+tChrgAJq8hLmkQWx0KYn+R39OH/MS/1BJUaMK+Z7gA91nNr34uZd54o
YJi3ijxTSIeNRnxksrNyJ66F7jtCPDYFAxi7FCGCdkb6oRog1eGRAvcW+0Pwvhn7
I37TkPyMW3q+g1Al+boM4rFSXFwFbk/pkJi1AaWBSZdPEVeULIwSNeoqLB1srRoY
mE8vT4fQr/FuzZDsoIYEZ7XPg1tnkWNEfJ9fKsGLjbuZd1koVzDvWManyyUrknO4
KS2iueoOOE2JiUoEWXYDP4V6wxRF2aIVomLK6HYud67utT9G2eJ7e1ehQQARAQAB
tCtBY3RpdlRyYWsgU2VjdXJpdHkgPHNlY3VyaXR5QGFjdGl2dHJhay5jb20+iQJU
BBMBCAA+FiEEAsZ+s8bhxqlxw5Pm69F3X0L/1WoFAmCJzL4CGwMFCQeGHzEFCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ69F3X0L/1WpMjg//ezvZov4TTjzCM/8H
wJCWhk5FnVGaU62rNIDOQ7lUrP1SHDLCI7nHXJ3KWOfgtKiluA900yL7PnDk+2p4
Cb7bLk85d+Oko0KVwB4M4QtG35Gh0J5Kz04tl66Dm2KgaqYDYPSkA3XWD6kaCp8O
Em4fYb/hCwcyULn0+wHSIaBpcWkc1DRGClhU4AzdHcanW0zphx9IRaSz+ih8VaC5
FXxLVWkrEvJLsp0EHHfohpg9ldB4PKudV42PGAJtOQFPyEb6nldxC54FuYP+tpAf
hqVMm/F/h/ArvBjyEyhP/a2lO0e0Qkt/s5q6T8Ov5b93AW+5CpCEgIcG6gPxD+cS
sA6o0SIumjlkNMkcQHRL8UzlzTf7HoJJkBplTm0EFtPBP6bhwORNIupl9YMyITDF
ilJD6Vq71DKfGYSOisKWoTVJSnTLPdOtcXcftLCzg+f8QqQ9H4QPPONjiQyfySLZ
/5XCAPTOR3bf1xkroZsmA5p+j/pivfjKLy478OU5lA/yuW/6wc77AV1RHnG+LMbb
SLsvmWVuH8Kh+m3oKLboJkeStCpv05R1D7u/pKQDbKNKYP+PeoNWYP4pzVkRiT5D
641h+g+FL1nzWSB2wpz8xsjhUUI22OKp0CkN8ERS+7WJVUlFx4ZutxxIsxufQT4B
mxpTfprXm53n8xY2tvjfLLTF66y5Ag0EYInMvgEQAOUNcb0jjObF/ttQewvSIQnZ
NDHfXFBwCw/gkKLCcgCTAS6sBmV1ptVMRgjaPoEs5cpnvzwGpEzCql7INhRgGV9Y
+8zJI8H6hRX6OvvrAOAh8W46Jvgc4G0iHi3d14G0AGXIkLjD9v/VRl2zK7G8t0HX
wKySb5caCutemfPwGbJVFHaBwQkaIw/NY/FAGB9ypG3pa8nFFHdaOWtgon5XDcgB
css5PzLmpQw8Igi5L97zi7SAbtZquW7NYJpOCUerv4F7u1M7391xTaL1pIDXvK/k
P4BWCCySeUhgr8lsmA1/038kYvY/keJiyH3nZkZ0VHV2fwt3F/Rb+s6eO5xaW54n
gQwoLZvBMO3vIo+fxUSS8W0q5lW4+970b4qTpOgz1kAlEbQbZCxsVVwV7vCfnYMO
5w5342zSNCTRHdrmnHnnmzy1qm/gaAgTkzzTUbP5lZgac2xeqGBJJBkyhzZEx8E8
gFrs1vKYRoazuqWobBIGxGGm5CFgqz4T1b964m9iE5DGmu6kpGLTFLnCYDnQEbTo
CLyT97LmezGJlWl7hlvgELUqP9VlEZ7VrsPRIXyoqhARDkx89TVc1BW+fOdldRNt
QLrErQ425kTVxU8+PxOuAcUkYc7H2pp+32yYGfQfwxLUhMXFCAhTSenlmDL0WNKp
cp4r1Rc1hLwyT38anF1LABEBAAGJAjwEGAEIACYWIQQCxn6zxuHGqXHDk+br0Xdf
Qv/VagUCYInMvgIbDAUJB4YfMQAKCRDr0XdfQv/VaoneD/9rwkTo1B+tJEQGw+N8
oSygXlKagOqEhDyShuYmN0mmpvqgOuxeZ7fGndk8dRv4VlmsliAEmMaBqW/5u5nT
YjahEsbWmXfp3F+yRtEZrFaVvQh5l262r5yYZ3+geTutVpEPBqd9ADvA2n53kcJf
6PlDS13lvCZHoH2LkKvPu+WrQl5mtetDwnySAEYeIZ9ct/Nq+T6l3u3VfjlZ61h/
FV5kXXKLsRiNrasJiFkBIhPsHrjSBpxafnxDZc+2Vqgv9DtRnCVqgVNO35n13UQK
JqP2uUSzAI9DR7Y3k2A5FM3o8GA9oT0SeK262mn5r4IZ04cLfNB1hAAfUd8YVZbv
RyNuTZe27IpwzS/XUkbcN3DGrq8Pf1zRaBF/CPzBkg7VF2NtnEyMj2sAX01P8fF9
p5lj7jto+P6pH/cX+0Istb8FSbtX0P9FExQ6eoCw1DThvAbF2h0F1gnaLal+fYht
XO+hXzLUGPmYdqp3B6s4zxkBS8ekvNeJjPeP2+WvSGNhiWTaOX6tOiiglV+lfsKq
HYjYNSZI4E+gStiBEj1aO2zK+baDWyC05NaaW+sFCimsrM5Wm7QUXysyMo/UAcLp
wGV61fcVbCPFRPgrVPfJbjvkEg8v4st4dcIox1VscFds7od9/YC8VjQj8L81vTOZ
tJtq+zIyu829sDo7jyEXGXmICw===E0Ze

-----END PGP PUBLIC KEY BLOCK-----

Copy PGP Public Key
Copied

Hall of Fame

Abhijith A
Yeshwanth
Umair Dharejo
Saurabh Patil

Shashank Bhure

Sanket Ambalkar

Mehedi Hasan

Sachin kalkumbe

Abhay victor

Krutika Tupkar

Abdeali

Yash Dharmani

Haris Muthusamy

Kanishkaran Srinivasan

Ali Hassan Kanishkaran

Nabin Ghimire

Pankaj lakshkar

Jatin Yadav

Kunal Mhaske
Vivek Panday
Yousef Saleh
Harsh Banshpal

Varad Magare

Nabin Ghimire
SRIHARAN MAHENDRAN
Krishna Chaitanya
Shubham Shete
Mohamed Althaf
Pawan Rawat
Harry Gertos
Rohan
Taniya

Mohammed ELdawody

Ariel Rachamim
Omri Inbar
Create free account Get started
Watch 2-minute demo See a demo