Bug Bounty - Hall of Fame
Found a bug or security issue in our project? See https://app.certifix.eu/security.txt for more info.
Bug Bounty Policy: See examples of repeated or unacceptable reports here
Hall of Fame
2024-11-26 - Hassan Jaleel - TLS-RPT record missing - 0,00 €
2024-05-26 - Pruthu Raut - MTA-STS record missing - 10,00 €
2024-05-17 - Himanshu Sondhi - SRI missing - 0,00 €
2024-05-17 - Himanshu Sondhi - Outdated jQuery library - 0,00 €
2023-12-25 - Mridul Rastogi - Password recovery process info leak - 0,00 €
2021-07-14 - Kiran Ghimire - Registration process logical issue - 0,00 €
2021-06-25 - Kunal Mhaske - Session expiration when changing password - 25,00 €
2021-01-18 - Prajwal Khante - HTML injection (XSS) with HTTP Referer header - 20,00 €
2020-12-09 - Zin Min Phyo - Filetype (mime/extension) confusion when uploading evidencing files - 15,00 €
  Reported also by: 2020-12-22 - Akash Chauhan
2020-10-01 - Kinshuk Kumar - E-mail sent links not expiring - 15,00 €
2020-09-12 - Aditya Soni - crash in the password reset field using IDN homographic value - 10,00 €
2020-09-02 - Akshay Parse - user's fullname length was restricted too little - 5,00 €
2020-08-30 - Akshay Parse - registration process logical flaw - 15,00 €
  Reported also by: 2023-12-25 - Milan Jain
2020-08-09 - Rashid P - WP-Cron exposure / DoS risk - 5,00 €
2020-08-08 - Kinshuk Kumar - missing DMARC policy on associated domain - 0,00 €
2020-08-07 - Sai ViNay Reddee - regression on session fixation - 10,00 €
2020-07-10 - Ronit Bhatt - hyperlink injection in user's name - 20,00 €
2020-07-08 - Keshav Malik - Account Lockout not Being Enforced - 25,00 €
2020-07-08 - Keshav Malik - password complexity not validated - 15,00 €
  Reported also by: 2020-07-15 - Nishant N. Lungare
2020-07-06 - Keshav Malik - session fixation / invalidate user sessions on logout - 20,00 €
2020-07-02 - Akshay Parse - no rate limit on form submit actions - 25,00 €
  Reported also by: 2020-07-06 - Keshav Malik; 2020-07-06 - Ajaysen R
2020-07-01 - Aamir Usman Khan - stored XSS in document info - 20,00 €
2020-07-01 - Aamir Usman Khan - password length policy - 5,00 €
2020-06-28 - Bilal Abdul Muqeet - WP JSON API allowed for unauthenticated users - 10,00 €
2020-06-25 - Kunal Mhaske - invalidate all user sessions once the new password is set - 30,00 €
2020-05-14 - Kunal Mhaske - incorrect security on referrer, switched to origin-when-cross-origin - 25,00 €
2020-03-11 - Kunal Mhaske - email bombing on forgot password function - 10,00 €
2020-03-01 - Kunal Mhaske - missing DMARC policy on certifix.eu/certifix.cz - 10,00 €