Vulnerability Report

Listed below are potential vulnerabilities raised against ERA products, software and services. In addition to the issues raised are the actions taken by ERA Home Security Ltd.

Date Raised	Vulnerability	Date of Response	ERA Response

4th December 2023	Certificate Authority Authorization issue. eraeverywhere.com	4th December 2023	Resolved
4th December 2023	Email address recognition. eraeverywhere.com	4th December 2023	Resolved
4th December 2023	Victim Flooding. eraeverywhere.com	4th December 2023	Resolved
6th November 2019	SSL cookie without secure flag set - responseelectronics.com	2019	Resolved
7th November 2019	Vulnerable version of the library 'jquery' found – eraeverywhere.com	2019	Resolved
11^th November 2019	Vulnerable version of the library 'jquery' found - responseelectronics.com	2019	Resolved
11th November 2019	Account takeover using CSRF - responseelectronics.com	2019	Resolved
11th November 2019	Cookie without Http Only flag set – responseelectronics.com	2019	Resolved
11th November 2019	Cookie without Http Only flag set – eraeverywhere.com	2019	Resolved
11th November 2019	Cookies were issued by the application and do not have the secure flag set – eraeverywhere.com	2019	Resolved
11th November 2019	Vulnerable version of the library 'angularjs' found – eraeverywhere.com	2019	Resolved