The integrity and safety of our customers' data is top priority for us. We go to great lengths providing a safe environment, but we are not as naïve to think our systems are bullet proof. There may be instances, where security flaws exist in our systems.
Responsible Disclosure Program is paused until Q4 2022
TL;DR
- The security bug must be original and previously unreported.
- You should use your best effort not to access, modify, delete, or store User Data
- Lack of clickjacking protection (XFO, CSP) is insufficient to claim a bounty
- No other sites or subdomains than those listed in the table below is eligible for a bounty
- We kindly ask of you not to remind us or ask about the status of a disclosure previously reported. It is not going to speed things up.
Scope
| Bug classification | hackme.kaddio.com |
|---|---|
| Remote Code Execution | $30 |
| Unauthorised Data Access | $30 |
| Authentication Bypass | $30 |
| Database Injection | $30 |
| Domain Takeovers | $20 |
| Vulnerabilities with encryption | $20 |
| Other | HoF |
Exclusions
- Social engineering attacks (phishing)
- Spam and flaws related to DKIM, SPF or DMARC
- Denial-of-service attacks
- Rate limiting issues
Our Responsible Disclosure program is paused until Q4 2022
Kaddio Responsible Disclosure
Jan 5, 2022
Kaddio Security Researcher Hall of Fame
| Date | Researcher |
|---|---|
| 2021, Dec | Yash Chavhan |
| 2021, Nov | Saransh Saraf (MR23R0) |
| 2021, Nov | Akash Rajendra Patil |
| 2021, Nov | Yash Chavhan |
| 2021, Sept | Arjun E |
| 2021, July | Anjan Neema |
| 2021, July | Kartik Khurana |
| 2020, October | Mohd Asif Khan |
| 2019, June | Tarun Mahour -Abhaychandra Chede |
| 2019, January | Sameer Phad |
| 2018, August | Vipul Zilpelwar |
| 2018, July | Ismail Tasdelen |
| 2018, July | k.karthickumar - Cisco Systems Chennai |
| 2018, June | Maulik Vaidh, @Maulik1827 |
| 2018, May | Jineesh Ak |