HotDoc

We hope your testing is going well. Here is an update that should make things a bit more interesting!

There have been some recent changes/updates to HotDoc Dashboard on the HotDoc program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new:

What's the feature about?

Dashboard user switching feature adds a dropdown in the Dashboard UI (check out https://support.hotdoc.com.au/hc/article_attachments/4406125332249/Fallies_demo.png) which lists all the clinics the current user has access to.

How do I switch between clinics?

• Once logged in to the Dashboard, at the top left hand side click the drop-down next to the name of your clinic
• Select the Dashboard you would like to access

How does it work?

It works by changing the acting-for header in the request. The acting-for header is the id of the clinic to switch to.

How do I quickly access this feature?

We have added another dropdown to choose the clinic type when creating a new clinic. Go to bugcrowd.hotdoc.com.au/clinic_users/new and select one of the "multiple clinics" options to create a new user with access to more than one clinic. If you choose Multiple Clinics sharing the same Practice Management Database, your account will be created with access to three clinics sharing the same Practice Management Database. If you choose Multiple Clinics under the same Company, your account will be created with access to three clinics under the same company.

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to support@bugcrowd.com.

Get out there and lay claim to those bugs!