Secure IT Software That Protects Your Data & Your Business

Security & Reliability Safeguards You Can Trust

When it comes to the security of Syncro systems, we strive to adhere to industry standards, including:

  • Vulnerability disclosure
  • Security incident response
  • Network and application security
  • Multi-factor authentication
  • Phishing and fraud prevention
  • Security awareness training
  • Information security

Responsible Disclosure

Send an email to security@syncromsp.com if you find a potential vulnerability in our product or to discuss any security concerns.

We aim to acknowledge and triage messages within 24 to 48 hours (2 business days) from submission.

Syncro will define the severity of the potential exploit based on its impact and reach. It can take some time to validate findings, because the reach of an issue is sometimes not obvious at first glance.

We’ll triage and fix the exploit on a timeline based on the severity of the issue and our policy.

Best Practices for Reporting

Email security@syncromsp.com with sufficient details and information so we can investigate and validate the issue.

A demonstration video (unlisted on YouTube) goes a long way!

A description and an explanation of the impact are always helpful, particularly when we can’t work out how the reported issue could be exploited. The more details, the better.


Products and domains in scope

  • (your_account)(*).syncromsp.com
  • *.services.syncromsp.com
  • (your_account)(*).repairshopr.com
  • *.kabutoservices.com
  • The Syncro Windows agent
  • The Syncro Mac agent

Qualifying vulnerabilities

  • Remote code execution (RCE)
  • SQL/XXE injection and command injection
  • Cross-site scripting (XSS)
  • Server-side request forgery (SSRF)
  • Access, authentication, and authorization-related issues
  • Cross-site request forgeries (CSRF)

Non-qualifying vulnerabilities

  • Host header and banner-grabbing issues
  • Automated tool scan reports (e.g., web, SSL/TLS scan, Nmap scan results)
  • Missing HTTP security headers and cookie flags on insensitive cookies
  • Rate limiting, brute force attack
  • Login/logout CSRF
  • Session timeout
  • Unrestricted file upload
  • Open redirections
  • Vulnerabilities that require physical access to the victim machine
  • User enumeration such as user email, user ID, etc.
  • Phishing or spam (including issues related to SPF, DKIM, and DMARC)
  • Vulnerabilities found in third-party services
  • EXIF data not stripped on images

Found a vulnerability? Email security@syncromsp.com if you think you’ve found something.

Try Syncro for Free!