Found a vulnerability in a government portal, is it ok to mention the name of the organization?

    • #58444 Reply
      User_82ee2b71
        PARTICIPANT
        February 7, 2025 at 2:59 pm
        I recently discovered a critical vulnerability on a government website that was exposing sensitive user data, including mobile numbers, home addresses, names, and billing details. If exploited by a malicious actor, this could have led to a significant data breach.

        After identifying the issue, I responsibly reported it, and the vulnerability has since been fixed.

        My question is: **Am I allowed to mention the name of the organization and the type of data that was exposed in a LinkedIn post to showcase my cybersecurity skills?**

        I want to ensure that I am not in any legal trouble. Any insights from the community on responsible disclosure practices would be helpful.

      • #58451 Reply
        Luckybear8410
          PARTICIPANT
          February 7, 2025 at 3:13 pm
          I wouldn’t post it on LinkedIn

          • #58457 Reply
            User_82ee2b71
              OP
              February 7, 2025 at 3:21 pm
              Thanks for your opinion

          • #58450 Reply
            User_c75747a7
              PARTICIPANT
              February 7, 2025 at 3:14 pm
              I would first contact the department whose website has issues.

              • #58456 Reply
                User_82ee2b71
                  OP
                  February 7, 2025 at 3:21 pm
                  The department will neither allow nor resolve the issue; I took the help of the CERT-In organization to fix this issue.

              • #58449 Reply
                User_2172e2f2
                  PARTICIPANT
                  February 7, 2025 at 3:20 pm
                  Ask them for bounty

                  • #58455 Reply
                    User_82ee2b71
                      OP
                      February 7, 2025 at 3:23 pm
                      No government organisations pay a bounty :/

                  • #58448 Reply
                    User_0cc26242
                      PARTICIPANT
                      February 7, 2025 at 3:48 pm
                      If it doesn’t go viral, then there is no point in posting it. If it does, there might be other issues. If I were in your shoes, I would mention this in an interview as a cool story kind of thing.

                    • #58447 Reply
                      User_62110ee9
                        PARTICIPANT
                        February 7, 2025 at 3:50 pm
                        No option but to report it on CERT-In. Maybe tweet or post on LinkedIn after the issue's been resolved if you really, really want to.

                        • #58454 Reply
                          User_82ee2b71
                            OP
                            February 7, 2025 at 3:54 pm
                            Yes, the issue has been fixed. Just wanted to know if I can mention that government organisation.

                            For example:

                            I’ve seen many people mentioning their findings of IRCTC on Twitter or news channels.

                        • #58446 Reply
                          Mightykomal1002
                            PARTICIPANT
                            February 7, 2025 at 4:32 pm
                            2lpa engineer hits again 🤣

                            • #58453 Reply
                              User_82ee2b71
                                OP
                                February 7, 2025 at 4:33 pm
                                Hi 50lpa can you also hit?

                            • #58445 Reply
                              User_94f82857
                                PARTICIPANT
                                February 7, 2025 at 4:59 pm
                                Get a written approval from the organisation before you disclose it.

                                • #58452 Reply
                                  User_82ee2b71
                                    OP
                                    February 7, 2025 at 5:00 pm
                                    Thanks
