vi-logo
  • Prepaid
    down-arrow
  • Postpaid
    down-arrow
  • New Connection
    down-arrow
  • International Roaming
  • 5G
  • OTTs & More
    down-arrow
  • Help
    down-arrow
  • DND & Service Quality
    down-arrow
  • SKYC-Reverification
  • Business
  • Investors
Vi Logo

Vodafone Idea Limited

Vodafone Idea Limited, a partnership between the Aditya Birla Group & Vodafone Group, provides pan-India voice and data services using the latest communication technologies

FacebookInstagramTwitterYoutubeLinkedIn

about Vi

About UsVodafone Idea CorpVi FoundationVodafone GroupAditya Birla GroupInvestor RelationsNews & MediaCareerVi AppVi Stores Near MeVi BusinessHome BroadbandGIGAnetVi VoLTEGo GreeneSIMWiFi Calling5GBlog

more from Vi

Postpaid ConnectionPrepaid ConnectionPort Number to Vi / MNPFree SIM DeliveryTrack your SIM DeliveryFancy NumberIndividual PlansFamily PlansPrepaid to PostpaidBest Postpaid PlansBest Prepaid PacksHero Unlimited PacksUnlimited PacksTalktime PacksData PacksSMS PacksCaller Tunes PacksValue Added ServicesService Validity PacksJioHotstar PacksAmazon Prime PacksSony LIV PacksOnline RechargePostpaid Bill PaymentVi Shop - Seller PortalVi Video Vault

explore on Vi app

Vi GamesVi Movies & TVVi Hero UnlimitedVi WiFi CallingInternational RoamingCallertunesOrder Prepaid SIMOrder Postpaid SIMOrder VIP NumberPort to ViRecharge for Self/OthersPay Bill for Self/OthersCashback OffersHelp & SupportMy AccountVi ShopVi Prepaid Autopay

regulatory & quick access

Telemarketing RegistrationPrivacy PolicyTerms of ServiceNoticesPrepaid TRAI mandatePostpaid TRAI mandateWarning & FraudulentSecurity AwarenessDND ComplaintsDND RegistrationDisaster ManagementResponsible Disclosure PolicyNetwork CoverageRegister for Online RefundNetwork TroubleshootingBlock SIM OnlineUPI RechargePostpaid ISD Call RatesPrepaid ISD Call RatesMobile InternetSitemapVIBSLTerms & Conditions - Prepaid
FacebookInstagramTwitterYoutubeLinkedIn
This website uses own third-party cookies.Find out more about usage in our Privacy Policy page. Copyright Reserved with Vodafone Idea Limited (formerly Idea Cellular Limited).
Vodafone Idea Limited (Formerly Idea Cellular Limited), An Aditya Birla Group & Vodafone partnership, Suman Towers, Plot No.18, Sector 11, Gandhinagar – 382011, Gujarat.CIN L32100GJ1996PLC030976, T: +91-79 6671 4000, F: +91-79 2323 2251

RESPONSIBLE DISCLOSURE

Reporting Vulnerabilities

VODAFONE IDEA LIMITED believes in keeping its customer data secure and private. Security is a business priority for us, and our way of demonstrating that priority is by ensuring that our Responsible Disclosure Policy allows the cyber security and research community an opportunity to notify us of security vulnerabilities that may impact the safety of our customers.

 

We value the expertise and help of the cyber security and Research community in helping us maintain our high security standards. Vi encourages Security Researchers to keep us informed so as to ensure the security community can potentially avert security breaches and loss of sensitive data. You can use this site to report any suspected security vulnerabilities related to our services or products.

 

If you are aware of a vulnerability that could affect Vodafone Idea Limited’s services or products, please contact us via the link disclosed under “How to Report a Vulnerability”. Our security specialists will review all submissions and, where required, we will work on the vulnerability to make sure we are able to fix any potential issues as quickly as possible.

 

We will not take any legal action against or suspend or terminate the accounts of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy.

1.Vulnerability Submission Guidelines –

  • Do submit your reports in English
  • Do exercise caution and restraint about personal data and do not intentionally engage in attacks against third parties, social engineering, denial-of-service attacks, physical attacks on any Vodafone Idea Limited property or spamming or otherwise causing a nuisance to other users.
  • Do provide Proof-of-Concept or sufficient information to enable reproduction of the vulnerability, so that it can be verified, reproduced, and possible remedies identified. Generally, identification of the vulnerable target, a description of the vulnerability and operations carried out to exploit the vulnerability are sufficient, but more details and information might be required in the case of complex vulnerabilities.
  • Do not abuse the vulnerability by causing disruption through your actions.
  • Do not share information about the vulnerability with others until it has been resolved in accordance.
  • Do submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.

2.Our Responsibility –

  • The finder’s personal details with third parties without their authorization, unless required to do so, to comply with legal obligations will be treated as confidential.
  • We will investigate any details you provide and respond as soon as possible. To acknowledge the first person who alerts us to previously unknown vulnerabilities, we will express our gratitude by appropriate means that VIL at its discretion will decide ( e.g. acknowledging the individual by sharing a letter or an email). We do not offer a public bug bounty program and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.

3.Confidentiality Agreement –

Do not disclose confidential information, including details on your submission, without prior and explicit consent from VODAFONE IDEA LIMITED.

4.Vulnerability Submission –

Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Please, follow below procedure for submission of the vulnerability and mail us at vulnerability.disclosure@vodafoneidea.com

 

  • Title (Let us know what the vulnerability is all about).
  • Vulnerability Details (Please let us find the URL/Location of Vulnerability)
  • Vulnerability Description (We would like to know more about the vulnerability and its impact with a proof of concept or steps of replication)
  • Attachments of proof (such as screenshots, screen recordings).
  • Researcher Email (Optional)
  • Confirmation to the submission is accurate and relevant to VODAFONE IDEA LIMITED’s terms & Condition

5.Non-qualifying vulnerability submission –

When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope:

 

  • Clickjacking on pages with no sensitive actions
  • Ability to perform an action unavailable via user interface without identified security risks
  • Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
  • Disclosure of private IP addresses or domains pointing to private IP addresses
  • Leakage of sensitive tokens (e.g. password reset token) to trusted third parties on secure connection (HTTPS)
  • Self-XSS (tricking someone to running scripts on their console).
  • Missing best practices in HTTP headers without demonstrating a vulnerability
  • Attacks requiring MITM or physical access to a user's device.
  • Previously known vulnerable libraries without a working Proof of Concept.
  • Comma Separated Values (CSV) injection without demonstrating a vulnerability.
  • Missing best practices in SSL/TLS configuration.
  • Any activity that could lead to the disruption of our service (DoS).
  • Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
  • Rate limiting or bruteforce issues on non-authentication / sensitive endpoints
  • Missing best practices in Content Security Policy.
  • Missing HttpOnly or Secure flags on cookies
  • Vulnerabilities only affecting users of outdated or unpatched browsers [Less than 2 stable versions behind the latest released stable version]
  • Software version disclosure / Banner identification issues / Descriptive error messages or headers (e.g., stack traces, application or server errors).
  • Tabnabbing
  • Open redirect - unless an additional security impact can be demonstrated
  • Issues that require unlikely user interaction
  • Static resources / public information "exposed" in storage buckets, unless an impact can be demonstrated
  • Unauthenticated CORS leading to no sensitive exposure or impact
  • Physical attacks towards any Vodafone property
  • Weak Captcha / Captcha Bypass
  • Lack of a session timeout
  • Vulnerabilities that have been recently published (less than 30 days)
  • Vulnerabilities that have already been reported/fix in progress.
  • “Cross Domain Referrer Leakage”, unless the referrer string contains privileged or private information

6.Non-Vulnerability Issue Submission –

If you want to report any other type of issue not related to security (e.g. customer complaints, billing issues, etc.) , please reach out to customercare@vodafoneidea.com

  1. Home
  2. Responsible Disclosure Policy