Hall of Fame

The following individuals and organizations helped the United Nations improve the security of the Organization's systems, data, and ICT resources by reporting the security issues and vulnerabilities they discovered.


United Nations
Information Security Hall of Fame

Salman Sajid Khan

Reported a server misconfiguration on unsceb.org
22 September 2018

0xMitsurugi (@0xMitsurugi)

Reported security misconfiguration on un.org
25 October 2018

Sudhanshu Rajbhar

Reported an XSS vulnerability on un.org
22 September 2018

Mayur Gupta

Reported a server misconfiguration on unsceb.org
21 September 2018

Shivam Krishan Sharma

Reported CORS misconfiguration vulnerability on un.org
3 September 2018

Gaurav Kumar

Reported an XSS vulnerability on un.org
1 September 2018

Rabsun Sarkar

Reported clickjacking vulnerability on un.org
13 August 2018

Boutine Adel

Reported an XSS vulnerability on un.org
30 July 2018

Ismail Tasdelen

Reported an open port on un.org
29 July 2018

SI9INT Website (https://si9int.sh)

Reported an XSS vulnerability on un.org
26 July 2018

Gh05tPT

Reported an XSS vulnerability on un.org
20 July 2018

Ismail Tasdelen

Reported a directory traversal vulnerability on un.org
18 July 2018

Boutine Adel

Reported an XSS vulnerability on un.org
16 July 2018

Jainendra Jain

Reported a SQLi vulnerability on un.org
4 July 2018

Akash Upadhayay

Reported an XSS vulnerability on un.org
9 June 2018

Arvind Mudaliyar

Reported an XSS vulnerability on un.org
18 May 2018

Yann CAM

Reported an XSS vulnerability on un.org
25 April 2018

Safak Aslan

Reported an XSS vulnerability on un.org
9 April 2018

Jayesh Patel

Reported an HTML injection vulnerability on un.org
7 April 2018

Ismail Tasdelen

Reported a Directory Listing vulnerability on un.org
3 April 2018

Safak Aslan 

Reported server misconfiguration on un.org
26 March 2018

Danish Tariq and Ali Hassan Ghauri (www.danalweb.com)

Reported a Clickjacking vulnerability on un.org
23 March 2018

Chirag Gupta

Reported an XSS vulnerability on unesco.org
22 March 2018

Sumit Sahoo

Reported server misconfiguration on un.org
22 March 2018

Safak Aslan

Reported an XSS vulnerability on un.org
19 March 2018

Russel Rodrigues

Reported server misconfiguration on un.org
5 March 2018

Florian Kunushevci

Reported server misconfiguration on un.org
5 March 2018

Mitesh Patil

Reported CORS misconfiguration vulnerability on un.org
2 March 2018

Akash Labade

Reported a POODLE vulnerability on un.org
2 March 2018

Akash Labade

Reported a POODLE vulnerability on un.org
2 March 2018

Juba Baghdad (@JubaBaghdad)

Reported a path disclosure vulnerability on un.org
2 March 2018

Sanyam Chawla (Infosecsanyam)

Reported a path disclosure vulnerability on un.org
28 February 2018

Danish Tariq

Reported a Clickjacking vulnerability on un.org
27 February 2018

Frank Vickers

Reported a path disclosure vulnerability on un.org
27 February 2018

Jose Carlos Exposito Bueno

Reported a SQLi vulnerability on un.org
26 February 2018

Remesh Ramachandran

Reported a Directory Listing vulnerability on un.org
25 February 2018

Aditya Dixit

Reported server misconfiguration on un.org
25 February 2018

Sreedeep.Ck Alavil (Kerala Police Cyber Dome)

Reported a SQLi vulnerability on un.org
25 February 2018

Mitesh Patil

Reported CORS misconfiguration vulnerability on un.org
23 February 2018

Saurabh Gurgule

Reported CORS misconfiguration vulnerability on un.org
23 February 2018

Kshitij Khakurdikar

Reported a SQLi vulnerability on un.org
22 February 2018

Ismail Tasdelen

Reported a file disclosure vulnerability on un.org
15 February 2018

Murtada Kamil

Reported a SQLi vulnerability on un.org
13 February 2018

Jose Carlos Exposito Bueno

Reported an XSS vulnerability on un.org
3 February 2018

Vitthal Shinde

Reported CORS misconfiguration vulnerability on un.org
1 February 2018

Taha Smily (@TahakhanTaha)

Reported an XSS vulnerability on un.org
1 February 2018

Vicky Smart

Reported CORS misconfiguration vulnerability on un.org
29 January 2018

Thrivikram Gujarathi

Reported CORS misconfiguration vulnerability on un.org
26 January 2018

Pranav Jagtap

Reported a SQLi vulnerability on un.org
23 January 2018

Ravi Xander

Reported an XSS vulnerability on unog.ch
23 January 2018

Ronnie T Baby

Reported an XSS vulnerability on un.org
22 January 2018

Youssef A. Mohamed

Reported a path disclosure vulnerability on un.org
22 January 2018

MyGf (TurkHackTeam.org, @tht_mygf)

Reported an XSS vulnerability on un.org
22 January 2018

Adesh Nandkishor Kolte

Reported an input sanitization error on un.org
22 January 2018

Pal Patel

Reported content injection vulnerability on un.org
21 January 2018

Ashutosh Barot

Reported content injection and server misconfiguration on un.org
21 January 2018

Mahesh Raykar

Reported an XSS vulnerability on un.org
19 January 2018

Vaibhav Gaikwad

Reported a SQLi vulnerability on un.org
19 January 2018

Mahesh Raykar

Reported an XSS vulnerability on un.org
19 January 2018

Shubham Maheshwari

Reported an XSS vulnerability on un.org
19 January 2018

Mayank Garg

Reported a SQLi vulnerability on un.org
18 January 2018

Tansel ÇETİN

Reported an HTML injection vulnerability on un.org
18 January 2018

Ferdi Bak (@iosFerdi)

Reported an XSS vulnerability on unog.ch
18 January 2018

Naina Usman

Reported an XSS vulnerability on un.org
18 January 2018

Ankit Singh

Reported CORS misconfiguration vulnerability on un.org
17 January 2018

Amir Naseem

Reported an XSS vulnerability on un.org
17 January 2018

Rounak Dhadiwal, HackersEra Cyber Security Consultancy Pvt.Ltd

Reported an XSS vulnerability on un.org
16 January 2018

Ali Tutuncu

Reported an XSS vulnerability on un.org
16 January 2018

Harsh Suratwala

Reported an XSS vulnerability on un.org
16 January 2018

Vikash Chaudhary, CEO & Founder at HackersEra Cyber Security Consultancy and Training PVT LTD

Reported an XSS vulnerability on un.org
15 January 2018

Renwa Hiwa (@RenwaX23)

Reported an XSS vulnerability on un.org
14 January 2018

Vikash Chaudhary, CEO & Founder at HackersEra Cyber Security Consultancy and Training PVT LTD

Reported an XSS vulnerability on un.org
13 January 2018

Taha Smily

Reported an Open URL Redirection vulnerability on un.org
12 January 2018

Nisheal A John

Reported an XSS vulnerability on un.org
12 January 2018

Nisheal A John

Reported a SQLi vulnerability on un.org
12 January 2018

Rashed Al Naamani (@0man_X_HaCker)

Reported an XSS vulnerability on un.org
9 January 2018

Aditya Jadhav (www.securecyberfuture.com)

Reported an XSS vulnerability on un.org
4 January 2018

Aditya Jadhav (www.securecyberfuture.com)

Reported a SQLi vulnerability on un.org
4 January 2018

Sajibe Kanti (@Sajibekantibd)

Reported content injection vulnerability on un.org
2 January 2018

Max Derrick

Reported an XSS vulnerability on un.org
2 January 2018

Nick Kelley

Reported an XSS vulnerability on un.org
19 December 2017

Daniel Kelley

Reported a Path Disclosure vulnerability on un.org
19 December 2017

Steven Hampton (@keritzy)

Reported an XSS vulnerability on un.org
17 December 2017

Renwa (@RenwaX23)

Reported an XSS vulnerability on un.org
13 December 2017

Takashi Suzuki 

Reported an XSS vulnerability on un.org
20 November 2017

Alvaro Muñoz (@pwntester)

Reported a .NET deserialisation vulnerability on tradestrategy.org
20 November 2017

Lewis (@LewisBugBounty)

Reported an XSS vulnerability on un.org
13 September 2017

SecuNinja

Reported an XSS vulnerability on unog.ch
11 September 2017

Lewis (@LewisBugBounty)

Reported an XSS vulnerability on un.org
12 August 2017

LewisWildgoose

Reported an XSS vulnerability on childrenandarmedconflict.un.org
17 July 2017

Remco Verhoef / DutchSec (@remco_verhoef)

Reported server misconfiguration
9 December 2016

United Nations Responsible Disclosure and Reporter Acknowledgment Policy

To improve the protection of its Information Communications Technology resources, the United Nations encourages the public to assist with its efforts by disclosing vulnerabilities in the United Nations’ publicly accessible information system. The manner by which such assistance may be made available to the United Nations is set forth below.

What to report to the United Nations

Security incidents and details of vulnerabilities associated with publicly accessible United Nations (UN) Information Communications Technology resources, including websites.

Vulnerability reporting policy:

The UN will accept disclosures of vulnerabilities under the following conditions:

  1. The vulnerability has not already been publicly disclosed.
  2. The vulnerability should be reported to the UN as quickly as possible after its discovery.
  3. The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was reported to the UN or until public disclosure of the vulnerability has been made on this website.
  4. The severity of a vulnerability finding is assessed by the UN at its own discretion.
  5. The name and contact information of the reporter may be disclosed to affected technology vendor(s) unless otherwise requested by the reporter.

The UN reserves the right to accept or reject any security vulnerability disclosure report at its discretion.

Individuals or entities who wish to report a security vulnerability should follow the procedures set forth below:

  • The findings, including contact details, should be sent to infosec@un.org.
  • The findings should be communicated using PGP encrypted messages using the public key (PGP Fingerprint: A001 EB04 2D38 7016 EEA8 CC54 798E 86D7 6B9A A810) available on this website.
  • As much information as possible regarding the finding should be communicated to the UN to enable the Organization to reproduce and verify the vulnerability, in order to implement appropriate remediation actions.
  • The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was reported to the UN or until public disclosure of the vulnerability has been made on this website.

If more information is required regarding a reported vulnerability, the UN may contact the reporter; therefore it is important to provide valid contact details, including email address and/or telephone number.

If the conditions listed above are satisfied, the UN will verify the existence of the vulnerability, notify affected parties, and implement actions to mitigate the vulnerability.

Once the vulnerability has been removed, the reporter will be acknowledged unless he/she wishes to remain anonymous, and listed (at his or her own discretion) on this page with a short description of the vulnerability reported.

By reporting vulnerability findings to the UN, the reporter acknowledges that such reporting is provided pro bono and without expectation of financial or other compensation. The reporter also affirms that neither he/she nor any entity that he/she represents is complicit in human rights abuses, tolerates forced or compulsory labour or uses child labour, is involved in the sale or manufacture of anti-personnel mines or their components, or does not meet the purposes and principles of the United Nations.