On April 23, 2018, HSRC (Hikvision Security Response Center) received the report of "Insecure Cookie Handling" vulnerability in "hik-connect.com" from Vangelis Stykas and George Lavdanis.
HSRC has immediately checked all cloud service platforms, confirming that only "hik-connect.com" was affected. All repairs have been completed by 2 p.m. on April 24.HSRC is not aware of any public or malicious use launch to attack through the vulnerability described in this advisory.
This vulnerability was reported to HSRC by Vangelis Stykas & George Lavdanis. HSRC would like to thank Vangelis Stykas & George Lavdanis for working with us and coordinating vulnerability disclosure to protect our customers.