Bounty Hunter & Vulnerabilities
Objective
Our security policy governs the handling of vulnerability reports related to our publicly accessible websites and services. It ensures that reports are processed efficiently and consistently. We accept only qualified vulnerabilities that meet the criteria defined in the policy. We are grateful for every report and will follow up on it if it aligns with our policy.
Principles of Our Vulnerability Policy
- Gratitude and Collaboration: We are grateful for all reports submitted in accordance with our policy and value collaboration with the security community.
- Thorough Review: Every report is carefully reviewed to assess its relevance and potential impact.
- Feedback: We ensure that submitters of qualified vulnerabilities receive feedback within a reasonable timeframe.
- Respect and Confidentiality: All submitted reports are handled with mutual respect and treated confidentially.
- Data Protection: Reports are received in compliance with applicable data protection laws and with the utmost care in handling personal data.
- Clear Guidelines: We only accept vulnerability reports that meet the criteria defined in our policy.
- Promoting Security: Our goal is to continuously improve the security of our systems by addressing reported vulnerabilities.
- Impartiality: All reports are treated fairly and objectively, regardless of the person or organization submitting them.
Rules of Conduct
- No Unauthorized Attacks: Any form of attack is strictly prohibited, especially attacks that endanger our systems or employees.
- No Disclosure Without Consent: Vulnerabilities must not be disclosed to third parties or published without our explicit permission.
- Reporting Malicious Intent: If criminal or intelligence-related intentions are detected, they will be promptly reported to the relevant authorities.
Qualified Vulnerabilities
- Remote Code Execution (RCE): Exploits that allow unauthorized execution of code on our systems.
- SQL Injection: Vulnerabilities that allow unauthorized access or manipulation of database content.
- Cross-Site Scripting (XSS): Attacks that inject malicious scripts into web applications.
- Disclosure of Internal Information: Unauthorized access to internal system information or sensitive data.
- Unauthorized Access to Accounts: Exploits that allow unauthorized access to user or administrative accounts.
- Configuration: Misconfigurations of systems, networks, or services that compromise the confidentiality, integrity, or availability of services or information.
- Backdoors: Identifying and exploiting possible backdoors.
- Zero-Day Exploits: Proven ability to exploit zero-day vulnerabilities.
- Insecure Design/Insecure Implementation: Proven lack of or weak control design that compromises the integrity, confidentiality, or availability of systems, networks, or services.
- Outdated Software or Libraries: Outdated software, libraries, plugins, or add-ons that have been proven to compromise the security of the services or software.
- Identification and Authentication: Unauthorized successful authentications or unauthorized access that affect the confidentiality, integrity, or availability of information, systems, or other Teamwire entities.
- Software and Data Integrity Failures: Code and infrastructure that do not protect against integrity violations.
- Server-Side Request Forgery (SSRF): Flaws that occur when a web application fetches a remote resource without validating the user-supplied URL.
Submission of Reports
You can report vulnerabilities to our security department. All reports should include the following information:
- A detailed description of the vulnerability.
- Steps to reproduce and exploit the vulnerability.
- Relevant technical details (logs, screenshots, code, etc.).
- After successful review, only safe attachments will be processed (e.g., general plaintext files, .txt, .png, .jpg). Archive files, whether executable or not, will not be processed.
- Contact information for follow-up questions.
We reserve the right to reject reports that are incomplete, unclear, or violate this policy.
All qualified reports can be submitted here: https://support.teamwire.eu/
Appreciation
We sincerely thank all individuals who help and support us in improving the security of our systems. Your contributions are highly valued and appreciated. This policy aims to express our gratitude while setting clear and firm guidelines for collaboration.
Final Remarks
We value your efforts to improve the security of our systems and will carefully review submitted reports, provided they meet the criteria outlined above.