30/06/2015

Reward

100 $ 

Simple

Simple offers a bank account that has all the tools you need to manage your money built right in. The funds in your Simple account are held by our partner bank, BBVA Compass, Member FDIC. Simple provides everything else, including the Simple Visa® Card, our powerful iOS and Android apps, a beautifully designed web interface, and customer support that really cares.

Simple understands the devotion and effort that security work requires. As such, we encourage (and reward) the responsible disclosure of any vulnerabilities to us.

For the initial prioritization/rating of findings, this program will adhere to the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Please see below for exclusions specific to this program.

Reward Range

Last updated 2 Oct 2018 19:33:07 UTC

Technical severity | Reward range
---|---
p1 Critical | Starting at: $3,000
p2 Severe | Starting at: $900
p3 Moderate | Starting at: $300
p4 Low | Starting at: $100

P5 submissions do not receive any rewards for this program.

Targets

In scope

Target name | Type
---|---
*.simple.com | Other
Simple for iOS | iOS
Simple for Android | Android

Out of scope

Target name | Type
---|---
cmail.simple.com | Website
email.simple.com | Website
links.simple.com | Website
All third party applications not under Simple's control. | Website

If available, please include the value of the X-Simple-Request-Id Response header in your submission to help us more quickly validate your findings.

Focus Areas:

Out of Scope / Additional Information:

  • Do not use vulnerabilities to access, modify, harm, or otherwise alter any Simple (or its customers') data.
  • Do not exploit vulnerabilities except for the purpose of demonstrating them to Simple personnel.
  • Please contact us through the Bugcrowd Crowdcontrol Platform if you are unsure of exploitability and we will work with you to verify it safely.
  • Note: US-based researchers may apply for an account; however, approval may take up to one week. Non-US-based researchers may conduct unauthenticated testing as well as mobile testing.

The following finding types are also excluded from the bounty:

  • Disclosure of known public files or directories (e.g. robots.txt).
  • Rate Limiting/Email Flood on /forgot-username and /forgot-password endpoints.
  • Email Spoofing due to Missing or Misconfigured DMARC on Email Domain. (Simple adheres to a quarantine policy of 100%.)

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.

In Scope

Scope type | Scope name
---|---
android_application | Simple for Android
ios_application | Simple for iOS
web_application | *.simple.com

Out of Scope

Scope type | Scope name
---|---
web_application | cmail.simple.com
web_application | email.simple.com
web_application | links.simple.com
web_application | All third party applications not under Simple's control.


On this program you get up to 3000 $ for the most critical vulnerability.

FireBounty © 2015-2019
