Responsible Disclosure

The integrity and safety of our customers' data is a top priority for us. We go to great lengths to provide a safe environment, but we are not so naïve as to think our systems are bulletproof. There may be instances where security flaws exist in our systems.

The Responsible Disclosure Program is paused until Q4 2022.

TL;DR

  • The security bug must be original and previously unreported.
  • You should use your best effort not to access, modify, delete, or store User Data.
  • Lack of clickjacking protection (XFO, CSP) is insufficient to claim a bounty.
  • No sites or subdomains other than those listed in the table below are eligible for a bounty.
  • We kindly ask you not to remind us or ask about the status of a previously reported disclosure. It is not going to speed things up.

Scope

  Bug classification                 hackme.kaddio.com
  Remote Code Execution              $30
  Unauthorised Data Access           $30
  Authentication Bypass              $30
  Database Injection                 $30
  Domain Takeovers                   $20
  Vulnerabilities with encryption    $20
  Other                              HoF

Exclusions

  • Social engineering attacks (phishing)
  • Spam and flaws related to DKIM, SPF or DMARC
  • Denial-of-service attacks
  • Rate limiting issues

Kaddio Responsible Disclosure
Jan 5, 2022

Kaddio Security Researcher Hall of Fame

  Date             Researcher
  2021, Dec        Yash Chavhan
  2021, Nov        Saransh Saraf (MR23R0)
  2021, Nov        Akash Rajendra Patil
  2021, Nov        Yash Chavhan
  2021, Sept       Arjun E
  2021, July       Anjan Neema
  2021, July       Kartik Khurana
  2020, October    Mohd Asif Khan
  2019, June       Tarun Mahour - Abhaychandra Chede
  2019, January    Sameer Phad
  2018, August     Vipul Zilpelwar
  2018, July       Ismail Tasdelen
  2018, July       k.karthickumar - Cisco Systems Chennai
  2018, June       Maulik Vaidh, @Maulik1827
  2018, May        Jineesh Ak

kaddio.com does not use cookies and we do not track you.