VDPBwVulnerability Disclosure Policy der Bundeswehr
Danksagung
Der oder die ITInformationstechnik-Sicherheitsforschende wird nach seinen Fähigkeiten beurteilt und nicht nach Alter, Ausbildung, Geschlecht und Herkunft oder gesellschaftlichem Rang. Deshalb zeigen wir diesen Respekt auch öffentlich und erkennen diese Leistung an.
ITInformationstechnik-Sicherheitsforschende (Finderinnen und Finder)
Wir nennen, wenn nichts Anderes gewünscht ist, die Beschreibung der geschlossenen Schwachstelle und den Namen (bzw. den Alias) der Entdeckerin oder des Entdeckers, um so eine gute Zusammenarbeit mit der Bundeswehr auch öffentlich zum Ausdruck zu bringen.
| ITInformationstechnik-Sicherheitsforscher | Url | Schwachstellen | Anzahl |
|---|---|---|---|
| Ahmed Hassan | Misconfiguration | 1 | |
| Andreas Barth | https://www.linkedin.com/in/barth-andreas | Misconfiguration, Information Disclosure | 2 |
| Andrew Hess | https://www.linkedin.com/in/hess-andrew | Cross Site Scripting | 1 |
| Anthony Roth | Cross Site Scripting | 1 | |
| Bastian Wild | Weak HMAC | 1 | |
| Benjamin Kunz-Mejri | https://v1bounty.com | Information Disclosure, Misconfiguration, MITM, Open Redirect, SQL-Injection, Weak-Crypto, Cross Site Scripting | 39 |
| Boris Baumer | https://comp.bz/ | Misconfiguration, RCE | 2 |
| Charalambos Emmanouilidis | Misconfiguration | 1 | |
| Christian Krug | https://christian-krug.website/ | Misconfiguration | 1 |
| Damian Strobel | https://www.dsecured.com | Information Disclosure | 1 |
| David Eckel | https://www.sectepe.de | CSRF, FPD, Information Disclosure, Open Redirect, Misconfiguration | 13 |
| David Lassig | https://www.linkedin.com/in/davidlassig | CRLF, Misconfiguration, Cross Site Scripting | 3 |
| Erik Steltzner | https://github.com/r1cksec | Information Disclosure, Misconfiguration, SSRF | 4 |
| Fabian Mucke | https://twitter.com/HerrFabs | Misconfiguration | 1 |
| Florian Dalwigk | https://www.youtube.com/@Florian.Dalwigk | Information Disclosure | 1 |
| Florian Kunushevci | https://www.linkedin.com/in/floriankunushevci | Misconfiguration | 1 |
| Franz Antesberger | Misconfiguration | 1 | |
| Gaurang Maheta | Information Disclosure | 1 | |
| Gayatri Patil | Misconfiguration | 1 | |
| Hans-Martin Münch | https://mogwailabs.de/en/ | Misconfiguration | 1 |
| Harinder Singh | Misconfiguration, Clickjacking | 2 | |
| Ilkin Javadov | https://az.linkedin.com/in/ilkin-javadov-630491166 | HTML Injection, Misconfiguration, Information Disclosure | 4 |
| Ioannis Gkourgkoutas | https://gkourgkoutas.net | Information Disclosure, SSRF | 3 |
| Joel Mathias | Misconfiguration | 1 | |
| Julian Rittweger | Cross Site Scripting | 1 | |
| Kasper Karlsson | https://omegapoint.se/goteborg | Open Redirect | 1 |
| Kürşad Alsan | Misconfiguration | 1 | |
| Maik Robert | https://twitter.com/xEHLE_ | Information Disclosure, CSRF | 2 |
| Marc-Oliver Munz | https://blog.munz4u.de | ATO, Information Disclosure, LFI, Misconfiguration, Open Redirect, SQL-Injection, SSRF, Cross Site Scripting | 39 |
| Matthias Hoffmann | https://twitter.com/Theonly_Hoff | Cross Site Scripting | 1 |
| Matthias Marx | Information Disclosure, Misconfiguration, Cross Site Scripting | 4 | |
| Maurizio Ruchay | https://github.com/maurizi0 | Misconfiguration | 1 |
| Max Boll | https://www.max-boll.de | Cross Site Scripting, Open Redirect, CORS | 4 |
| Maximilian Kretschmer | https://maximiliankretschmer.de | FPD, Information Disclosure, Misconfiguration, RCE, SQL-Injection, Cross Site Scripting | 9 |
| Mohamed Nabil | Cross Site Scripting | 1 | |
| Moritz Samrock | https://laokoon-security.com | Misconfiguration, Cross Site Scripting | 2 |
| Mouhcine Ben Aomar | https://twitter.com/m0ppi_sec | Information Disclosure, Misconfiguration, SSRF, Cross Site Scripting | 9 |
| Nicolas Haberkorn | https://twitter.com/kekkegenkai1 | Cross Site Scripting, Information Disclosure | 3 |
| Nikhil Rane | Clickjacking | 1 | |
| nzhg3i_nzm | Misconfiguration, Privilege Escalation | 3 | |
| psytester | Misconfiguration | 1 | |
| Patrick Hener | https://twitter.com/C1sc01 | Information Disclosure, Misconfiguration, Cross Site Scripting | 8 |
| Patrick Lang | https://www.linkedin.com/in/patrick-lang-707809147/ | Information Disclosure | 3 |
| Raj Upadhyay | Misconfiguration | 1 | |
| Rene Rehme | https://twitter.com/ReneReh1 | Cross Site Scripting | 1 |
| Roni Al-Darwish | https://www.linkedin.com/in/roni-al-darwish-3ab786189 | Cross Site Scripting | 1 |
| Sebastian Hölzle | https://github.com/powerpointken | Information Disclosure, SSRF | 4 |
| Sebastian Stohr | https://twitter.com/_superhero1 | Cross Site Scripting | 1 |
| Secuninja | https://twitter.com/secuninja | Information Disclosure, Misconfiguration, Cross Site Scripting | 4 |
| Sheikh Rishad | Misconfiguration | 1 | |
| Simon Neubauer | Information Disclosure | 1 | |
| Sock Puppets | DDoSDistributed Denial of Service, SSRF | 2 | |
| Sp8c3 | https://twitter.com/sp8c3_ | Missing Policy | 1 |
| Thorben Lippke | https://twitter.com/_hacknsec | Misconfiguration, Open Redirect, SSO Bypass | 9 |
| Thorger Jansen | https://twitter.com/thorgerj | Information Disclosure, Cross Site Scripting | 3 |
| Tobias Schütz | https://twitter.com/totz_sec | SQL-Injection, SSRF, Cross Site Scripting | 3 |
| Tobias Wolter | https://www.linkedin.com/in/tobias-wolter | Misconfiguration, Broken Acces Control, Content Spoofing | 4 |
| Tony Nasr | Misconfiguration | 1 | |
| TTY Ninja | https://twitter.com/tty_ninja | Misconfiguration | 1 |
| Yusuf Aydın | https://twitter.com/h1_yusuf | Misconfiguration | 3 |
Ausgezeichnete ITInformationstechnik-Sicherheitsforschende
Als Grundvoraussetzung für die Auszeichnung, müssen ITInformationstechnik-Sicherheitsforschende drei qualifizierte Schwachstellen in den ITInformationstechnik-Systemen der Bundeswehr gemeldet haben. Angehörige des Geschäftsbereiches des Bundesministeriums der Verteidigung können nicht mit dem VDPBwVulnerability Disclosure Policy der Bundeswehr-Coin ausgezeichnet werden.
„Dein Hack für InfoSec“ – der Slogan des Coins.
Bundeswehr/Stefan Uj| Name | Ausgezeichnet am |
|---|---|
| Zachary Schroeder | 21.08.2024 |
| Yusuf Aydın | 21.08.2024 |
| Tobias Wolter | 20.08.2024 |
| Thorger Jansen | 08.01.2024 |
| Ilkin Javadov | 23.02.2023 |
| David Lassig | 14.09.2022 |
| Nicolas Haberkorn | 14.04.2022 |
| Max Boll | 29.03.2022 |
| Patrick Lang | 11.03.2022 |
| Patrick Hener | 03.03.2022 |
| Marc-Oliver Munz | 16.02.2022 |
| Matthias Marx | 21.01.2022 |
| Tobias Schütz | 21.01.2022 |
| Mouhcine Ben Aomar | 21.01.2022 |
| Thorben Lippke | 01.12.2021 |
| Erik Steltzner | 01.12.2021 |
| Ioannis Gkourgkoutas | 01.12.2021 |
| Sebastian Hölzle | 01.12.2021 |
| Benjamin Mejri | 20.10.2021 |
| Maximilian Kretschmer | 20.10.2021 |
| David Eckel | 20.10.2021 |
| Secuninja | 20.10.2021 |
