Security Vulnerabilities

Updated: October 2015

Responsible Disclosure

Here at Constant Contact, we welcome the reporting of security vulnerabilities in our products and services and encourage researchers to reach out to us when they find issues. We operate under the concept of responsible disclosure and require researchers to follow this process:

  1. The researcher shares the issue with us first before he or she shares it publicly.
  2. We get a reasonable amount of time to address the issue before the researcher makes the information public.
  3. The researcher provides all the details to validate and reproduce the issue.
  4. The researcher makes a good faith effort to avoid data destruction, theft, privacy violations and interruption or degradation of our service.
  5. The researcher must not violate any laws.

How do I submit the report?

Please submit your report at vulnerability@constantcontact.com or through our Twitter account at @CTCTsecurity.

Be sure to include a secure contact method for us to contact you, and we'll get back to you as soon as possible, usually within three business days, acknowledging receipt of your submission.

To encrypt your email communications to us, please use our PGP public key.

NOTE: We will not accept vulnerability submissions at the security@constantcontact.com email address.

What happens after I submit my report?

Once we've received your message, we will assign a security analyst to your submission and we will investigate the issue to determine how broad the impact might be. This analyst will reach out to you and will serve as your primary contact for the submission. Please note, it is our policy to not publicly comment on the validity of submissions until a fix is released. Once the fix is released, we will update the acknowledgements list on this page.

Thanks for your help!

Security is a constantly evolving field and we enjoy collaborating with the best and brightest in the security community. We always appreciate your taking the time to help us find and fix security flaws so they don't pose a serious risk to our customers.

Thanks to everyone who has let us know about vulnerabilities in the past.

  • Abdullah Alomair
  • Abhinav Karnawat
  • Adam Ziaja
  • Ahmad Ashraff
  • Ahmed Adel Abdelfattah
  • Ahmed Mogy
  • Ajay Anand
  • Ajay Singh Negi
  • Ala Arfaoui
  • Alex Chepovetsky
  • Ali Hasan Ghori
  • Ali Khan
  • Ali Salem Saeed (Ali BawazeEer)
  • Ankit Bharathan
  • Ankit Giri
  • Arun Kumar
  • Ashish Dhaduk
  • Ashish Tikarye
  • Atulkumar Hariba Shedage
  • Aworunse Matthew Temi
  • Babar Khan Akhunzada
  • Balvinder Singh
  • Ben khlifa Fahmi
  • Burak Beyzadeoğlu (Bariş Demirdöğen)
  • Burhan Rao
  • Chakradhar Chiru
  • Chiragh Dewan
  • Daniyal Nasir
  • Danyal Zafar
  • Darji Maheshkumar Rajubhai
  • David Hoyt
  • Devesh Bhatt
  • Digvijay Singh
  • Dipak Kumar Das
  • Divakar
  • Dylan S. Hailey
  • Ehraz Ahmed
  • Emanuel Bronshtein
  • Eusebiu Blindu
  • Evan Ricafort
  • Fish Getachew
  • Gaurav Raj
  • Harsha Vardhan Boppana
  • Himanshu Kumar Das
  • Indrajith.AN
  • J Muhammed Gazzaly
  • Jatin Mangani
  • Javid Hussain
  • Jay Jany
  • Jay Patel
  • Jay Turla
  • Jayaram Krishna Kumar
  • Jayson Zabate
  • Jayvardhan Singh
  • Jeevan Dahake
  • Jerold Camacho
  • Jigar @ Infobit
  • Kamalakar B
  • Kamil Sevi
  • Kamran Saifullah
  • Kapil Soni
  • Ketankumar B. Godhani
  • Khair Alhamad
  • Konduru Jashwanth
  • Koutrouss Naddara
  • Krutarth Shukla
  • Lohit Mehta
  • Lyubomir Tsirkov
  • MD Azharuddin - Kazarian
  • MD Mihir Mistry
  • M.R.Vignesh Kumar
  • Madhu Akula
  • Mahadev Subedi
  • Mahmut Esat Yildirim
  • Malte Batram
  • Manish Bhattacharya
  • Maulik Kotak
  • Mayank Bhatodra
  • Mehul Rana
  • Meris Bihorac
  • Miguel Ángel Jimeno Arce
  • Milad Bahari Rad
  • Mirza Burhan Baig
  • Missoum Özil
  • Mohamed Khaled Fathy
  • Mohamed Ramadan
  • Mohamed Saeed
  • M. Sabih Shahzad Ghauri
  • Muhammad Mujtaba
  • Muhammad Osama
  • Muhammad Shahmeer
  • Muhammad Zeeshan
  • Nadi Abdellah
  • Narendra Bhati
  • Neo Seesor
  • Nikhil Mittal
  • Nitesh Shilpkar
  • Nithish Varghese
  • Nitin Goplani
  • NesSim JeRbi
  • Nutan Kumar Panda
  • Osanda Malith Jayathissa
  • P.B.Surya.Subhash
  • Pablo J Barrios
  • Parichay Rai
  • Patrick Webster
  • Piyush Malik
  • Prajal Kulkarni
  • Prasad Kancharla
  • Pratap Chandra
  • Pratyush Anjan Sarangi
  • R. Blake Hitchcock
  • Rafael Pablos
  • Rafay Baloch
  • Raj Sukali
  • Rakan Alotaibi
  • Rakesh Singh & Harish Kumar & Sandeep Sodhi
  • Ramin Farajpour Cami
  • Ranjan Kathuria
  • Ravi Chandroliya
  • Ravindra Singh Rathore
  • Rehneet Singh
  • Riaz Ebrahim
  • Romans Mironov
  • Roy Jansen
  • Sabari Selvan
  • Sahil Dhar
  • Sahil Saif
  • SaifAllah benMassaoud
  • Sajibe Kanti
  • Sam Gandhi
  • Saurabh Chandrakant Nemade
  • Shai Rod
  • Shahee Mirza
  • Shashank Kumar
  • Shaun Bertrand
  • Shawar Khan
  • Siddhesh Gawde
  • Srikanth Yandava
  • Sujit Ugale
  • Sujoy Chakravarti
  • Sukhwinder Singh
  • Sumit Sahoo
  • Tejash Patel
  • Thamatam Deepak
  • Tushar Rajhans Kumbhare
  • Umraz Ahmed
  • Vedachala Ka
  • Vijith PV
  • Vikram Pawar
  • Vinesh Redkar
  • Vinod Tiwari
  • Vivek Snethil
  • Wang Jing
  • Yasir Altaf Zargar & Asif Showkat Wani
  • Ye Yint Min Thu Htut
  • Yogendra Jaiswal
  • Yogesh Modi
  • Yuji Kosuga
  • Yuji Tounai
  • Zakaria Amous
  • Zee Shan