Security

Reporting Vulnerabilities

If you discover a security vulnerability in IMTerm, please report it responsibly to security@infomanta.com. We take all reports seriously and will respond promptly.

Security Features

• Authentication with bcrypt password hashing
• Role-based access control (Admin / User / View-Only)
• Full audit log with 96 structured IMTE message IDs
• TLS 1.2+ enforcement on all connections
• Security headers: Content-Security-Policy, HSTS, X-Frame-Options, X-Content-Type-Options
• WebSocket origin validation and 64KB message size limit
• SSH trust-on-first-use (TOFU) host key verification
• No sensitive data stored in the browser
• Session tokens: HttpOnly, Secure, SameSite=Strict cookies

Static Binary

IMTerm ships as a static binary with zero runtime dependencies, minimizing the attack surface. Dependencies are audited with go-licenses and npm audit.