Acknowledgment of those who have helped us to secure Bosch Websites.
Bosch PSIRT Hall of Fame Policy
Researchers who report vulnerabilities in Bosch products and websites, after proper validation of their finding, can choose to appear in the Bosch PSIRT Hall of Fame.
Information that can be displayed in the Hall of Fame:
- Complete name
- Alias or nickname
- Link to personal social media page (e.g. Twitter, Facebook)
- Link to personal professional social media page (e.g. LinkedIn, Xing)
- Link to business social media page (e.g. Facebook, Twitter, LinkedIn, Xing)
- Link to hacker’s communities sites (e.g. Bugcrowd)
Information that cannot be displayed in the Hall of Fame:
- Links to personal websites
- Links to company’s website
- Links to any site with unknown terms and conditions or content moderation
- E-mail addresses
- Messaging services (e.g. Whatsapp, Telegram)
Please note that researchers can request to be removed from the Hall of Fame at any time. For this, they should send an email to PSIRT@bosch.com with the subject “Request of removal from HoF.”
Hall of Fame Bosch Websites
2024
David Jesus
Robert Scherer (3nvz)
Server-Side Request Forgery (SSRF)
Improper Restriction of Rendered UI Layers or Frames
Hacker T Dog
Exposure of Sensitive Information
Miguel Segovia Gil (Miguel Segovia Gil)
Exposure of Sensitive Information
Nitin Yadav (Nitin Yadav)
Uncontrolled Resource Consumption
Gujarathi Thrivikram (Gujarathi Thrivikram)
Exposure of Sensitive Information
Sharon Brizinov
Prathamesh Babarao Vilayatkar (Prathamesh Babarao Vilayatkar)
Exposure of Information Through Directory Listing
Ashutosh Nath Rimal (Ashutosh Nath Rimal)
Pawan Rawat (Pawan Rawat)
Kanhaiya Sharma (krishnsec)
2023
yning12 (yning12)
Reflected Cross-Site Scripting
Chirag Saini (Chirag Saini)
Miguel Segovia Gil (Miguel Segovia Gil)
Ahmad Alassaf (Ahmad Alassaf)
Bugoverflow (bugoverflow)
Arjith N R (Arjith N R)
Muhammad Imran (Muhammad Imran)
Insufficiently Protected Credentials and Sensitive Data Exposure
Kasper Kyllönen
Ramkrishna Sawant (Ramkrishna Sawant)
Chirag Ketan Prajapati (Chirag Ketan Prajapati)
Dawid Cieśla (Dawid Cieśla)
Blakduk (Blakduk)
Rokkam Vamshi (Rokkam Vamshi)
Suprit Sudheendra Pandurangi (Suprit Sudheendra Pandurangi)
Naveen Kumar M (Naveen Kumar M,@naveensparks1)
Vaibhav Kumar Srivastava (Vaibhav Kumar Srivastava)
Yaswanth Sai Boligarla (Yaswanth Sai Boligarla)
Patrick Lang (Patrick Lang)
Dinesh Kumar (Dinesh Kumar)
Ahmed Salah Abdalhfaz (@Elsfa7110)
Rtwo Gatelie (@secrtwoa)
Mallampati Sai Sashank (Mallampati Sai Sashank)
VEYSEL (VEYSEL)
Ranjeet Jaiswal (Ranjeet Jaiswal)
Krishna Agarwal (Kr1shna4garwal)
Expired SSL Certificate (Misconfiguration)
Deepak Kumar (@bug_vs_me)
Exposure of Sensitive Information to an Unauthorized Actor
Ori Levi (Ori Levi)
Yash kushwah (@cyberyash951)
Server-Side Injection (Parameter Pollution)
Ahmed Hassan (Ahmed Hassan)
Josef Hassan (Josef Hassan)
Rene Rehme (Rene Rehme)
Jaswanth132 (Jaswanth132)
Corrie Sloot (Corrie Sloot)
2022
Courte66
Exposure of Sensitive Information to an Unauthorized Actor
Wouter de Droog (Wouter de Droog)
Yavuz Özdemir (Yavuz Özdemir, cybersec_art)
Rene Rehme (@renereh1)
CWE-79: Improper Neutralization of Input During Web Page Generation
Satyam Singh (Satyam Singh)
Improperly Controlled Modification of Object Prototype Attributes
J. Francisco Bolivar (jfbolivar)
Insufficiently Protected Credentials
Keyur Maheta (Keyur Maheta)
4x Server Security Misconfiguration
Vulnerable and Outdated Components
Mahesh Raj (Mahesh Raj)
Sven Grossmann (Sven Grossmann, @svennergr)
Ahmed Salah Abdalhfaz (Elsfa7110)
Ishika Sharma (Chmodx1sh, @chmodx1sh)
Shreyash Khare (Shreyash Khare)
Vulnerable and Outdated Components
Mohit Kumar (Mohit Kumar)
Krishna Agarwal (kr1shna4garwal)
Application-Level Denial-of-Service (DoS)
Ramansh Sharma (Ramansh Sharma)
Vulnerable and Outdated Components
Mustafa Jamal (Mustafa Jamal)
2x Server Security Misconfiguration
Kanhaiya Sharma (Kanhaiya Sharma)
Server-Side Request Forgery (SSRF)
Ahmed Hassan (Ahmed Hassan)
Ritik Jangra (Ritik Jangra)
Improper Restriction of Excessive Authentication Attempts
Madhurendra Kumar (Madhurendra Kumar)
Gaurang Maheta (Gaurang Maheta)
Unauthorized Access to Services (API/ Endpoints)
VEYSEL (VEYSEL)
Server Security Misconfiguration
Haris Ahmed (@HarisAhmed95)
Kunal Narsale (Kunal Narsale)
Junting Zhu (@testert1ng)
Saeed Kamranfar (Saeed Kamranfar)
Server-Side Request Forgery (SSRF)
Gaurish Kauthankar (Gaurish Kauthankar)
Max Raams (max-raams)
Abhith Damodaran (Abhith Damodaran)
Shahid Ahmed (@ehsahid)
2021
Mohammed Fadhl Al-Barbari (@m4dm0e)
Ismail Tasdelen (Ismail Tasdelen)
Kunal Narsale
Harinder Singh (S1N6H) (Harinder S.)
Saeed Jaber Abugosh (@Saeedjabercyber)
Kanhaiya Sharma (Kanhaiya Sharma)
Abilash.V.L (Abilash.V.L)
Damodar Naik (Damodar alias Omkar Naik)
ahmed Alassaf (ahmed Alassaf )
Gaurish Kauthankar (Gaurish Kauthankar)
Milan Katwal (Milan Katwal)
Akshay Khilari (Akshay Khilari)
Junting Zhu (@testert1ng)
chmodx1sh (@chmodx1sh)
Chau Minh Khanh (@khanhchauminh) (Khanh Chau Minh)
Patrick Lang (Patrick Lang)
VIPIN K R (vipinvkr18 VIPIN K R)
Jebarson Immanuel (Jebarson Immanuel)
Akshay Ravi - copycat (Akshay Ravi)
Abdelrahman Khaled (Abdelrahman Khaled )
Mohammed Adam (Mohammed Adam, @iam_amdadam)
SebastianP
Madamshetty Srinivas (Madamshetty Srinivas)
Sina Kheirkhah (Sina Kheirkhah @Sin_Khe)
Veysel Oezer
Kanhaiya_sh (@Kanhaiya_sh4rma Kanhaiya Sharma)
Cache-Control for a Sensitive Page
Unprotected Transport of Credentials
Gaurang Maheta (Gaurang Maheta)
Oussama Kasmi (Oussama Kasmi)
N7 (@n7_sec)
Cankat Çakmak (Twitter Profile)
Subodh Kumar (SUBODH)
Thilo Mohri (Thilo Mohri)
Abhiraj Krishnan (@KrishnanAbhiraj, LinkedIn Profile)
shubhack319 (@shubhack319)
abdilahrf @ Vantage Point Indonesia (@abdilahrf)
Aditra Andri Laksana (Wayc0de)
Shahid Ahme (Shahid Ahme)
crazy_as_hell (crazy_as_hell)
Unprotected Transport of Credentials
Atul Sanjay Hadgal (Atul Hadgal)
courte66 e4366eolywrgpidfbio (@Twitter_e4366eolywrgpidfbio)
2020
Gokul Raju
MustafaSky
Thilo Mohri (Thilo Mohri)
Patrick Lang (Patrick Lang)
14x Sensitive Information Exposure
Vikas Srivastava, INDIA (@007vikaxh)
Sensitive Information Exposure
Tolgahan Demirayak (Tolgahan Demirayak)
Sensitive Information Exposure
Pam_sec
2x Sensitive Information Exposure
Mohammed Fadhl Al-Barbari (@m4dm0e)
Sensitive Information Exposure
courte66 e4366eolywrgpidfbio (@Twitter_e4366eolywrgpidfbio)
3x Sensitive Information Exposure
Aravind Valugonda
Abhiraj Krishnan (@KrishnanAbhiraj, LinkedIn Profile)
2x Sensitive Information Exposure
Tushar Balu Shinde (Tushar Shinde)
Clear Text Password Submission
Junting Zhu (@testert1ng)
Insecure Direct Object References (IDOR)
Akash H.C (Akash H.C)
Sensitive Information Exposure
Hamid Rezaei @ ZharfPouyan Toos (Xer0Days)
Observable Response Discrepancy
2x Insecure Direct Object Reference
Sensitive Information Exposure
Ismail Tasdelen (Ismail Tasdelen)
Unauthorized Access to Services (API/ Endpoints)
Sensitive Information Exposure
Husain Murabbi (@husain-murabbi-cyberhumans) Mansoor Rangwala (@mansoor-rangwala-cyberhumans)
Srikar V (@exp1o1t9r)
Sensitive Information Exposure
MelarDev (@melardev)
Lu William Hanugra @ Vantage Point Indonesia (hanugra)
Diwakar Kumar (Diwakar Kumar)
Steve Nyan Lin (Steve Nyan Lin)
Mariano Carrasco (@8marianoD)
Robbie Wiggins (@Random_Robbie)
Yunus YILDIRIM (@Th3Gundy)
delta0ne @ Vantage Point Singapore (delta0ne)
Priyanshu Parihar ( @priyanshu_xo )
pop404 Vantage Point Singapore (pop404)
Sensitive Information Exposure
Kirtikumar Anandrao Ramchandani (Kirtikumar Anandrao Ramchandani)
Uncontrolled Resource Consumption
abdilahrf @ Vantage Point Indonesia (@abdilahrf)
2x Sensitive Information Exposure
ashlyn @ Vantage Point Singapore (Ashlyn Lau)
Sensitive Information Exposure
Geethu Sivakumar, PaceHitech (Geethu Sivakumar, Geethu Sivakumar)
Muhammad Talha - Hamza Asif - Sarim Jamil - Syed Maaz Anwer
Jeffrey Hoekema (Jeffrey Hoekema)
Wasim Shaikh (@Wa_sim_sim)
Sensitive Information Exposure
Aishwarya Sanjay Kendle (Aishwarya Kendle)
Patrick Davidson Tremblay (Patrick Davidson Tremblay)
Cleartext Transmission of sensitive information
Chi Tran (Chi Tran)
Nathan Lee Grant (nathanleegrant)
Anh_thanh_nien - Security Researcher at VNPT ISC
Aditya Shende (@ADITYASHENDE17)
Sensitive Information Exposure
Hoang Quoc Thinh (@g4mm4 of CyberJutsu.IO)
Sourajeet Majumder (@sourajeet__)
Rahul M (Rahul M)
Aziz Hakim
Vishnuraj K V (Vishnuraj KV)
Pankaj Kumar Thakur
Severus (Severus)
Sensitive Information Exposure
Sadir Mehdi
Nitish Shah (@IamNitishShah)
Unauthorized Access to Services (API/ Endpoints)
Alex Chepovetsky (Alex Chepovetsky)
Sourav Newatia (Sourav Newatia)
Broken Authentication and Session Management
Shoeb Patel (@0xCaptainFreak)
Shubham Maheshwari (Shubham Maheshwari)
2019
Belal Rashed Othman (@bl4ckpanth_er)
Vishal Kumar Vachheta
Jarosław Węgrzynowicz
Wai Yan Aung (@waiyanaun9)
Md. Asif Hossain (Asif Farabi)
Eusebiu Blindu
Rayen Messaoudi (Rayen Messaoudi)
Dominique van Dorsselaer
Suhail Jahagirdar (Suhail Jahagirdar)
Cleartext Transmission of sensitive information
Shashank Chaurasia (Shashank Chaurasia)
Ezio Paglia (Ezio Paglia)
Bryan Smith (@d4rkm0de)
Dan Fabro
Armin (@cyberanteater)
Syed Abuthahir (Syed Abuthahir)
Patrick Davidson Tremblay (Patrick Davidson Tremblay)
Cleartext Transmission of sensitive information
Abhijeet Jain
Damian Schwyrz (@damian_89_)
Tushar Shinde (Tushar Shinde)
SerHack (@serhack_)
Alper Tecimer (Alper Tecimer)
Nikhil Kumar (Nikhil Kumar)
Numan OZDEMIR (Numan OZDEMIR)
Sreekanth Reddy (Sreekanth Reddy)
SI9NT
2018
Aamir Usman Khan
Tijo Davis (Tijo Davis)
Alberto Perez Agudo
Niraj Gautam (Niraj Gautam)
Pyae Phyoe Thu (Pyae Phyoe Thu)
Hein Thant Zin
दानिश इनामदार (दानिश इनामदार)
Aman Bhardwaj (Aman Bhardwaj)
Error Message Information Disclosure
Dan Niño I. Fabro
2 X Clickjacking
Mohammed Azharuddin (Mohammed Azharuddin)
Prathamesh Joshi (Prathamesh Joshi)
Information Disclosure Vulnerability
Artur Kiefel
Murtada Kamil (Murtada Kamil)
Salman Sajid Khan
Nikhil Sahoo (Nikhil Sahoo)
4 x Clickjacking
Chinthala Srinivas (Chinthala Srinivas)
Rajatkumar Karmarkar (Rajatkumar Karmarkar)
Ashish Gautam Kamble
Abhishek Misal (Abhishek Misal)
Subodh Kumar
Youssef A. Mohamed
Prayas Roshan Biswal (Prayas Roshan Biswal)
Information Exposure Through Error Message
Shiram Datar (Shiram Datar)
Abhishek Tiwari (Abhishek Tiwari)
2 x Clickjacking
Raghav Rao
Dzianis Skliar (Dzianis Skliar)
Information Exposure Through Error Message
Shubham Deshpande (Shubham Deshpande)
Dipen Patel (Dipen Patel)
Ashish Chhatani
Kunal Bahl (@Kunal Bahl)
Arjun Singh
B.Dhiyaneshwaran (B.Dhiyaneshwaran)
Improper Control of Interaction Frequency
Chirag Gupta (Chirag Gupta)
Mohammed Al-Barbari
Information Disclosure vulnerability
Murat Kaya
Abhishek Sidharthan (Abhishek Sidharthan)
Pranshu Tiwari (Pranshu Tiwari)
Adesh Nandkishor Kolte (@AdeshKolte)
Mohd Arif (Mohd Arif)
Mayank BIT Mesra (Mayank BIT Mesra)
Missing Authentication for Critical Function
2 x Error Message Information Disclosure
Mukesh Kumar (Mukesh Kumar)
Host based Web Cache Poisoning
Azam (Azam)
Samet Sahin
Orkhan Yolchuyev (Orkhan Yolchuyev)
Unrestricted Upload of File with Dangerous Type
Sean Melia (@seanmeals)
Mehmet Tuncer (Mehmet Tuncer)
Saransh Rana (Saransh Rana)
Samuel Eng (Samuel Eng)
Berk Imran (@berk_imran)
Bill Ben Haim (Bill Ben Haim)
Unrestricted Upload of File with Dangerous Type
Sahil Mehra (Sahil Mehra)
Islam Uddin (Islam Uddin)
Arne Ramos
6 x Clickjacking
Agametov Rustam (@AgametovRustam)
Server-Side Request Forgery and XSS
Arcot Krishna Manjunath (Arcot Manju)
Cleartext Transmission of Sensitive Information
Shivankar Madaan (@shivankarmadaan)
Cleartext Transmission of Sensitive Information
Wai Yan Aung (@waiyanaun9)
4 x Reflected XSS
Kirtikumar Anandrao Ramchandani (Kirtikumar Anandrao Ramchandani)
Rony Gigi (Rony Gigi)
Wen Bin KONG (Wen Bin KONG)
Sanyam Chawla (Sanyam Chawla, bugcrowd.com/infosecsanyam)
Shubham Maheshwari (Shubham Maheshwari)
Miguel Santareno (Miguel Santareno)
Mindset Software Technologies (MISTS)
qwacsawd (hackerone.com/qwacsawd)
Error Message Information Disclosure
Niklas Tanskanen (Niklas Tanskanen)
Use of Insufficiently Random Values
Sam Eizad (Sam Eizad)
Athul Jayaram
Sreedeep.Ck Alavil (Sreedeep.Ck)
Improper Input Validation (CVE-2017-9065)
Sarath Kumar (kadavul)
Peled Eldan (Peled Eldan)
5 x Reflected XSS
Yash Mehta (Yasf Mehta)
Mitesh Patil (Mitesh Patil)
Dawood Ansar (Dawood Ansar)
Shanmukh D
Thrivikram Gujarathi
Vikash Chaudhary
Ari Apridana (Ari Apridana)
Yusuf Furkan (Yusuf Furkan)
James Herrick (@mushicious)
Blake Rand
2 x Clickjacking
Remesh Ramachandran
Improper Input Validation (CVE-2017-9065)
Anant Mudgal (@anantmudgal)
Chris Green (@chris_t_green)
Ashish Kunwar (@D0rkerDevil)
Ipsita Subhadarshan Sahoo
4 x Clickjacking
Steven Hampton (@Steven)
2 x Clickjacking
Ismail Tasdelen (Ismail Tasdelen)
Overly Permissive Cross-domain Whitelist
4 x Clickjacking
Sensitive Cookie Without ‘HttpOnly’ Flag
Information Exposure Through an Error Message
7 x Improper Control of Interaction Frequency
6 x Cleartext Transmission of Sensitive Information
Nainsi Gupta (Nainsi Gupta)
Suru Santhosh (Suru Santhosh)
Mehmet Kelepçe (Mehmet Kelepçe)
2017
Himanshu Rahi (Himanshu Rahi)
Ravela Pramod Kumar
3 x Improper Restriction of Excessive Authentication Attempts
Mohammed Azeem k
3 x Clickjacking
Akshay Bhardwaj (GreyArt) (Akshay Bhardwaj)
2 x Clickjacking
José Manuel Aparicio González, Juan Francisco Acevedo Carles (@Odbk_sec)
3 x Reflected XSS
Ahmet Mersin
Suyog Palav (Suyog Palav)
3 x Clickjacking
Faiz Ahmed Zaidi (Faiz Ahmed Zaidi)
2 x Clickjacking
Kamran Saifullah
Vasim Shaikh (vasim-shaikh)
Md Sameull Soykot (@s0yk0t)
Nathan Lee Grant (@nathanleegrant)
2 x Reflected XSS
Pankaj Rane (@Panckaz_Rane)
Aayush Babbar
Tansel ÇETİN
Lars Peeters
3 x Reflected XSS
Jose Carlos Exposito Bueno
3 x Reflected XSS
Secuninja (@secuninja)
6 x Reflected XSS
Matthew Mawby (@updat3d)
GAİS (Güvenlik Açığı İstihbarat Servisi)
Shuvamoy Roy (shuvamoy.roy.3)
Eliran Itzhak (eliran-itzhak)
4 x Reflected XSS
Florian Kunushevci (florianx00)
Shwetabh Suman
Hagay Sason (grseecon.com)
3 x Reflected XSS
Umesh Jore
Max Derrick
Bharath Kumar (BharathKumarMV)
Improper Input Validation (CVE-2017-5638)
Mario Sahertian (mario-sahertian)
Error Message Information Disclosure
Yasin Soliman (@SecurityYasin)
Muhammad Mudassar Yamin (mudassaryamin)
M.L (@SonnySpooks)
2 x Error Message Information Disclosure
4 x Reflected XSS
Suhas Sunil Gaikwad (SuhasGaikwad, @iamSuhasGaikwad)
Sam Sanoop (@snoopysecurity)
5 x Reflected XSS
Amine Hm
Kenan Genç
Ketankumar B. Godhani (@KBGodhani)
Ed (@EdOverflow)
3 x Reflected XSS
2 x Insufficient Session Management
Pedro Cardoso (@tvmpt)
Vipin Chaudhary(vipin-chaudhary, @vipinxsec)
2 x Reflected XSS
Michał Praszmo (@nazywam)
Waseem Ullah Siddiqui
Sadik Shaikh
Mateusz Szymaniec (@RevToJa)
2016
Nassim Bouali
2 x Reflected XSS
Serge Lacroute
3 x Reflected XSS
2 x External service interaction
Sandeep Singh Jadon
Илья Селезнёв
2 x Path Traversal
Kenan GÜMÜŞ
XSS across many sites
João Pina (@tomahock)
2 x Reflected XSS
2 x Stored XSS
Elarbi Dafrouillah
2 x Path Traversal
Bosch PSIRT
Search our S/MIME key here
Fingerprint: 87:F1:6F:70:60:D2:94:83:82:AC:69:F5:46:86:7C:80:7F:86:1D:F0
Find our PGP Key here
Fingerprint: F40C 0FE3 E919 B082 B2DD 75E5 929D 3AFD 217E 21D7