We value the expertise and help of the cyber security community in helping us maintain our high security standards. You can use this site to report any suspected security vulnerabilities related to our services or products.
If you are aware of a vulnerability that could affect Vodafone’s services or products, please contact us through our Coordinated Vulnerability Disclosure email address, listed on this page under “How to Report a Vulnerability”. Our security specialists will review all submissions and, where required, work with you to make sure we are able to fix any potential issues as quickly as possible.
Respect the rules: Friendly hacking
Vulnerability Disclosure Policy Guidelines
As a responsible member of the cyber security community, your expertise can help us fix potential issues faster and more effectively. If you find a suspected vulnerability relevant to Vodafone, please let us know so we can fix the problem as soon as possible.
- Respect privacy: Do not spy on others’ data, manipulate it or share it with others. Do not take advantage of your exploits.
- Do not engage in disruptive behaviour: Your research cannot harm the availability of our services by executing “Denial of Service” attacks.
- Be patient: Do not inform others. If you want to make the vulnerability public, please consult with us first to coordinate publication and its timing. Meanwhile, we will investigate the vulnerability and fix it, but this may take a while.
- Respect the rules.
- No rewards will be provided.
- No wall of fame available.
- Submission criteria: submissions of vulnerabilities that contain a working proof of concept, steps to reproduce the issue, and a clear summary of the vulnerability will be prioritised.
- 404 HTTP page errors
- Banner disclosures
- SSL/TLS insecure chippers
- Missing HTTP security headers
- TRACE/OPTIONS HTTP methods enabled
- Logout CSRF
- Clickjacking attacks
- Public files or directories disclosure (readme.html, robots.txt, sitemap.xml)
- Secure and HTTPOnly cookie flags
Reporting other non-vulnerability issues
If you are looking to report any other type of issues not related to security, please use the links bellow for assistance:
How to Report a Vulnerability
Please help us by providing as much information as possible about the problem you have discovered. If you have not yet done so, please remember to review our rules and guidelines previously announced before submitting the information by email to email@example.com
We would appreciate if you could please use the following format on the email to help us better process submissions.
Name of researcher/entity
Summary and Description:
(We suggest that you include as much information as possible so we can verify the vulnerability)
- Name of vulnerability
- Date discovered
- System affected
- Brief description of vulnerability
- Steps to reproduce
- Other details you wish to share
Proof of concept and support material should be attached as PDF
Contact name and surname
Email for further communications
Phone number (optional)