Bounty Hunter & Vulnerabilities
Aim
Our security policy governs the handling of reports about vulnerabilities related to our publicly accessible websites and services. It ensures that reports are processed efficiently and consistently. We only accept qualified vulnerabilities that meet the criteria set out in the policy. We are grateful for every report and will follow up on it if it complies with our policy.
Principles of our Vulnerability Policy
- Gratitude and cooperation: We are grateful for all reports submitted in accordance with our policy and value cooperation with a community that focuses on security.
- Review: Each report is carefully reviewed to assess its relevance and potential impact.
- Feedback: We ensure that submitters of qualified vulnerabilities receive feedback within a reasonable period of time.
- Respect and confidentiality: All reports submitted are treated with mutual respect and confidentiality.
- Data protection: When receiving reports, we comply with applicable data protection laws and treat personal data with the utmost care.
- Clear guidelines: We only accept vulnerability reports that meet the criteria set out in our policy.
- Promoting security: Our goal is to continuously improve the security of our systems by addressing reported vulnerabilities.
- Impartiality: All reports are treated fairly and objectively, regardless of the person or organization that submitted them.
Rules of conduct
- No unauthorized attacks: Any form of attack is strictly prohibited, especially those that endanger our systems or employees.
- No disclosure without consent: Vulnerabilities may not be disclosed to third parties or published without our express permission.
- Reporting malicious intent: If criminal or intelligence-gathering intent is detected, it will be reported immediately to the relevant authorities.
Qualified vulnerabilities
- Remote Code Execution (RCE): Exploits that enable unauthorized code execution on our systems.
- SQL Injection: Vulnerabilities that enable unauthorized access to or manipulation of database content.
- Cross-Site Scripting (XSS): Attacks in which malicious scripts are injected into web applications.
- Disclosure of internal information: Unauthorized access to internal system information or sensitive data.
- Unauthorized access to accounts: Exploits that enable unauthorized access to user or administrator accounts.
- Configuration: Misconfigurations of systems, networks, or services that compromise the confidentiality, integrity, or availability of services or information.
- Backdoors: Identification and exploitation of potential backdoors.
- Zero-Day Exploits: Proven ability to exploit zero-day vulnerabilities.
- Insecure design/implementation: Proven lack of design control or weak design control that compromises the integrity, confidentiality, or availability of systems, networks, or services.
- Outdated software or libraries: Outdated software, libraries, plugins, or add-ons that are proven to compromise the security of services or software.
- Identification and authentication: Unauthorized successful authentications or unauthorized access that compromises the confidentiality, integrity, or availability of information, systems, or other Teamwire entities.
- Software and data integrity errors: Code and infrastructure that does not protect integrity from breaches.
- Server-Side Request Forgery (SSRF): SSRF errors occur when a web application retrieves a remote resource without validating the URL specified by the user.
Submitting reports
You can report vulnerabilities to our security department. All reports should include the following information:
- A detailed description of the vulnerability.
- Steps to reproduce and exploit the vulnerability.
- Relevant technical details (logs, screenshots, code, etc.).
- After successful verification, only safe attachments will be processed (e.g., plain text files, .txt, .png, .jpg). Archive files, whether executable or not, will not be processed.
- Contact information for further questions.
We reserve the right to reject reports that are incomplete, unclear, or violate this policy.
All qualified reports can be submitted here: https://support.teamwire.eu/en
Acknowledgements and Recognition
We would like to thank everyone who helps us improve the security of our systems. Your contributions are greatly appreciated and valued. With this policy, we would like to express our gratitude and at the same time establish clear and firm guidelines for cooperation.
Final remarks
We appreciate your efforts to improve the security of our systems and will carefully review the reports submitted, provided they meet the above criteria.