Versions Compared

Old Version 53

changes.mady.by.user Laurie Tyzenhaus

Saved on

compared with

New Version 54

changes.mady.by.user Laurie Tyzenhaus

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The VINCE  allows for you to anonymously report vulnerabilities! However, if you wish to participate in the coordination process, including discussions with vendors and researchers/reporters, then an account is required. VINCE was designed and created to encourage the interaction between vendors and reporters.  An potential benefit is that multi-vendor coordination efforts may become more cooperative – with vendors sharing information on how to mitigate the vulnerability.

CERT Vul Reporting FormImage ModifiedImage Removed


Getting an account

...

  1. Navigate to the VINCE site.
  2. Click on "Create an Account".
  3. Complete the VINCE form.
  4. Wait for an email response granting your access.


Image RemovedImage Added

...

Completing the VINCE form

...

When signing up for a VINCE account the user needs to provide a valid email address to receive the confirmation code to verify your account.

Email containing confirmation codeImage Modified

Once you receive the access code please:

...

  1. Enter the code into the form

    Enter the confirmation code and submit the form.Image Modified

  2. Click "Submit".

...

  1. VINCE coordinator reviews your account for approval.
  2. Upon approval,
    1. You will receive an email indicating your account has been approved and you are directed to kb.cert.org/vince to log on.
      VINCE approval emailImage Modified

    2. If you have your browser open and the approval came quickly, you may also have a popup box indicating you can now login.

    VINCE approval popupImage Modified


...

Login first time - Multi-Factor Authentication Required

First-time loginImage Modified

VINCE currently offers a choice

  1. Time-based one-time (TOTP) passwords as second factor authentication. To use TOTP, you need access to an app such as Google Authenticator, Duo, or LastPass Authenticator.
  2. Short Message Service (SMS) text messages

Select the multi-factor authentication methodImage Modified

...


TOTP

  1. Select "TOTP"
  2. The system generates an image that is scanned into your device, running an application, and displays a scan code on your screen
  3. Scan the code image into your authentication application.  This action should generate a numeric code.
  4. Enter that temporary password (or code).
  5. (Optional) Name that device, software or application, so you may easily access the correct code generator.

    TOTP code to link your authorization application.Image Modified

  6. You will have two forms of confirmation your account has successfully enabled TOTP Multi-factor authentication on your account.
    1. Web page indicating success and displaying your "User Profile"
      Image Modified

    2. An email message
      Image Modified


...

SMS

  1. Select "SMS".
  2. Enter the phone number you will use to receive text messages containing an authorization code.
    1. Use the International format as follows: + (country code) phone number
    2. If you have a United States number, please use +1 NPA-XXX-XXXX
       (NPA: Numbering plan Area is also know as "area code")
      Image Modified
  3.  Click "Submit".
  4. Verify your account by entering the authorization code contained in the text message.

    Image Modified

  5. You will have two forms of confirmation your account has successfully enabled SMS Multi-factor authentication on your account.
    1. Web page indicating success and displaying your User Profile.

      Image Modified

    2. An email message.

      Image Modified

...

Password Recovery

...

  1. Failed login attempt.
    1. A failed login attempt will display a reminder that the user email address and password are case sensitive.
    2. Within this box are two options:
      1. 1. "Forgot your password?"
      2. 2. "Signup for a VINCE account".


      Failed login attemptImage Modified

  2. VINCE Password Reset.
    1. Enter the email address for a password reset.
    2.  Click "Submit".

      Image Modified

    3. Or, Click "Need help?"
    4. Clicking on "Need help?" will display the VINCE Account Help providing:
      1. The link to reset your password;
      2. Telephone number to request assistance;
      3. Email address to request assistance.


      Vince account helpImage Modified

  3. If you have entered your Email address and clicked on "Submit" in the VINCE Password Recovery form, you should receive a VINCE generated email message.
    1.  Your email should have a message with a verification code.
      Email confirmation code - password resetImage Modified
      1. If you have not received an email, please check your spam folder
      2. Go back and re-enter the email address.
      3. If your email address has changed, please use the VINCE Account Help to get your current email address updated in the VINCE system.

        Image Modified
    2. Enter the verification "Code".
    3. Enter the "New Password" (password requirements are the same).
    4. "Please re-enter Password".
    5. Click on "Submit".

      Image Modified

    6. VINCE will respond with Password Reset Complete message .
    7. Click the "Login" button to login in with the new password.


Password reset complete - now loginImage Modified







...


  •  2FA required
  •  Recover/reset account
  •  Want to be anonymous? See FAQ, can report without creating account.

...