CoreTech works hard on security to keep its services as safe as possible, but we know that some bugs have not been discovered yet.
If you believe you've found a security issue in the services listed in our scope (TARGET), we will work with you to resolve it promptly and ensure you are fairly rewarded for your discovery.
Min € | Max € | Type |
---|---|---|
Hall of Fame | | Low 1-2-3-4: Blind vulnerability, possibility to exploit the vulnerability for phishing |
150 € | 300 € | Medium 5-6: Viewing or stealing by a single user (unsystematic), System slowdowns (server machine), Decrypting data, Viewing application data |
400 € | 800 € | High 7-8-9: Access to sensitive data of all users, Access or theft of data of a target user or multiple users, Access to important system data |
1000 € | 2000 € | Critical 10: Critical access to systems, ability to encrypt servers, major damage to society |
CoreTech may provide rewards to eligible reporters of qualifying vulnerabilities. Reward amounts vary depending on the severity of the vulnerability reported.
CoreTech reserves the right to decide whether the minimum severity threshold is met and whether the scope of the reported bug is already covered by a previously reported vulnerability. Rewards are granted entirely at the discretion of CoreTech. To qualify for a reward under this program, you should
If the reported vulnerability, after evaluation by the CoreTech staff, is not among the paid ones, it will be assigned a score that can be viewed in the hall of fame. Upon reaching 50 CoreTech points, you can redeem a monetary prize worth 50 euros.
We pay by:
Type | Description | Risk level |
---|---|---|
File Injection | | |
Broken Authentication | | |
Sensitive Data Exposure | | |
Vulnerable and Outdated Components | | |
Command Injection | | |
SQL Injection | | |
Cryptographic Failures | | |
Broken Access Control | | |
XSS | | |
Access to Systems | | |
Session Hijacking | | |
We are happy to work with everyone who submits valid reports which help us improve our security.
However, only those that meet the following eligibility requirements may receive a monetary reward:
We intend to respond to and resolve reported issues as quickly as possible. This means that you will receive progress updates from us at least every five working days. Note that posting details or conversations about the report, or posting details that reflect negatively on the program and the CoreTech brand, will result in immediate disqualification from the program.
Out-of-scope security bugs are currently not eligible for monetary rewards and will be handled as a responsible disclosure. We will do our best to give you vouchers or some cool gifts if your report leads to changes on our side.
To report a valid vulnerability we kindly ask you to:
Nickname | Reports | Point |
---|---|---|
m0m0x01d | 3 | / |
jsafe | 1 | / |
Ninebrainer | 1 | / |
Yogesh | 1 | / |
jayalakshmi | 3 | / |
Sohit Kumar Mahato | 17 | 310 |
BrainStorm (aka Davide Bonsangue) | / | / |