Secure IT Software That Protects Your Data & Your Business
Syncro software plays a foundational role in your business. Understanding this, we take our responsibility for delivering a secure and reliable product very seriously. Here are the safeguards we have in place and the commitments we make to our partners like you.
Security & Reliability Safeguards You Can Trust
When it comes to the security of Syncro systems, we strive to adhere to industry standards, including:
- Vulnerability disclosure
- Security incident response
- Network and application security
- Multi-factor authentication
- Phishing and fraud prevention
- Security awareness training
- Informational security
Responsible Disclosure
Responsible disclosure policy
Syncro fully understands our responsibility to protect our systems, including any and all of your data that we hold. We’re committed to engaging in an ongoing and transparent dialogue with the security community to improve security-related measures when and where needed. Responsible disclosure of security vulnerabilities helps ensure the privacy and security of all our users.
Send an email to security@syncromsp.com if you find a potential vulnerability in our product or to discuss any security concerns.
We aim to acknowledge and triage messages within 24 to 48 hours (2 business days) from submission.
Syncro will define the severity of the potential exploit based on its impact and reach. It can take some time to validate findings, because the reach of an issue isn’t always obvious at first glance.
We’ll triage and fix the exploit on a timeline based on the severity of the issue and our policy.
Best Practices for Reporting
Email security@syncromsp.com with sufficient details and information so we can investigate and validate the issue.
A demonstration video (unlisted on YouTube) goes a long way!
A description and an explanation of the impact are always helpful, particularly when we can’t decipher how the reported issue could be exploited. The more details, the better.
Products and domains in scope
- (your_account)(*).syncromsp.com
- *.services.syncromsp.com
- (your_account)(*).repairshopr.com
- *.kabutoservices.com
- The Syncro Windows agent
- The Syncro Mac agent
Qualifying vulnerabilities
- Remote code execution (RCE)
- SQL/XXE injection and command injection
- Cross-site scripting (XSS)
- Server-side request forgery (SSRF)
- Access, authentication, and authorization-related issues
- Cross-site request forgeries (CSRF)
Non-qualifying vulnerabilities
- Host header and banner-grabbing issues
- Automated tool scan reports (e.g., web, SSL/TLS scan, Nmap scan results)
- Missing HTTP security headers and cookie flags on insensitive cookies
- Rate limiting, brute force attack
- Login/logout CSRF
- Session timeout
- Unrestricted file upload
- Open redirections
- Vulnerabilities that require physical access to the victim machine
- User enumeration such as user email, user ID, etc.
- Phishing or spam (including issues related to SPF, DKIM, and DMARC)
- Vulnerabilities found in third-party services
- EXIF data not stripped on images
Found a vulnerability? Email security@syncromsp.com if you think you’ve found something.
Try Syncro for Free!
Take us for a test drive and discover how our integrated IT management platform can amplify your day-to-day efficiency. Whether you lead a growing MSP or a busy IT team, our intelligent RMM, PSA, and other smart features can save you time without compromising service delivery.