The integrity and safety of our customers' data is top priority for us. We go to great lengths providing a safe environment, but we are not as naïve to think our systems are bullet proof. There may be instances, where security flaws exist in our systems.
General elegibility
- The security bug must be original and previously unreported.
- You should use your best effort not to access, modify, delete, or store User Data
- Lack of clickjacking protection (XFO, CSP) is insufficient to claim a bounty
- No other sites or subdomains than those listed in the table below is eligible for a bounty
Scope
| Bug classification | demo.kaddio.com | call.kaddio.com | kaddio.com |
|---|---|---|---|
| Remote Code Execution | $30 | $20 | HoF (Hall of Fame) |
| Unauthorised Data Access | $30 | $20 | HoF |
| Authentication Bypass | $30 | $20 | HoF |
| Database Injection | $30 | HoF | HoF |
| Domain Takeovers | $20 | $20 | $20 |
| Vulnerabilities with encryption | $20 | $20 | HoF |
Exclusions
- Social engineering attacks (phishing)
- Spam and flaws related to DKIM, SPF or DMARC
- Denial-of-service attacks
- Rate limiting issues
We will investigate all reports and keep you in the loop. As a small company we cannot provide much of a Bug Bounty, altough we will mention you on our HoF-page. When you're disclosing an issue, please include your name, Type of bug, a Proof of Concept and the Domain. We encourage you, if you've discovered a vulnerability in our systems to help us improve: vulnerability@kaddio.com
Kaddio Responsible Disclosure
May 20, 2019
Kaddio Security Researcher Hall of Fame
| Date | Researcher |
|---|---|
| 2019, June | Tarun Mahour -Abhaychandra Chede |
| 2019, January | Sameer Phad |
| 2018, August | Vipul Zilpelwar |
| 2018, July | Ismail Tasdelen |
| 2018, July | k.karthickumar - Cisco Systems Chennai |
| 2018, June | Maulik Vaidh, @Maulik1827 |
| 2018, May | Jineesh Ak |