Seagate Central Storage Remote Code Execution 0day

This is in reference to the end of the blog post, where the pentester posts his interactions with Seagate: "Lastly, Seagate asks the submitter, EgeBalci, to abide by the Bugcrowd Nondisclosure policy". That policy is given here:

Nondisclosure

Nondisclosure is the default policy for OnDemand and continuous Next Generation Penetration Testing and is common in private bounty programs. In the absence of a Coordinated or Custom Disclosure policy (or in the case of any ambiguity) the expectation of the researcher and the Program Owner is nondisclosure. This is documented in our Standard Disclosure Terms and Researcher Code of Conduct. This means no submissions may be publicly disclosed at any time and is designated by the following text in the program bounty brief: …

So it looks like Ege chose to test a program that has specifically requested that results not be made public. He did not abide by that request.

Source:

https://www.reddit.com/r/netsec/comments/ep035r/seagate_central_storage_remote_code_execution_0day/