DANA Wallet is an e-wallet provider in Indonesia. It began operation in July 2017. DANA Wallet Indonesia's headquarters are in Jakarta, Indonesia.
Pay for anything & everything with just a tap of your finger. Experience the convenience of carrying out transactions with ease, from bills and e-commerce payments to barcode scans at merchants. #GantiDompet now & switch to DANA Digital wallet for faster, safer & more practical payment methods.
Thank you for your interest in the DANA bug bounty program.
We are happy to thank everyone who submits valid reports that help us improve the security of DANA. However, only those that meet the following eligibility requirements may receive a monetary reward:
Please test vulnerabilities only against your own accounts. Only use authorized accounts so as not to inadvertently compromise the privacy of our users.
The following are vulnerabilities already known from previous security testing. They are in the process of being fixed and will not be rewarded.
Rewards are given based on CVSS scoring and actual business impact.
Rating | CVSS score | Bounty |
---|---|---|
None | 0.0 | No bounty |
Low | 0.1 - 3.9 | No bounty |
Medium | 4.0 - 6.9 | $50 - 200 |
High | 7.0 - 8.9 | $400 - 1000 |
Critical | 9.0 - 10.0 | $1500 - 2000 |
In the context of this program, we do not accept or reward reports of leaks that are not applicable to our program's scope and were identified outside of our program's scope.
Also, in order not to encourage dark and grey economies, in particular the purchase, resale and trade of identifiers or stolen information, as well as all types of dangerous behavior (e.g. social engineering, ...), we will not accept or reward any report based on information whose source is not the result of failure on the part of our organization or one of our employees/service providers.
To summarize our policy, you may refer to this table:
TYPE OF LEAK | SOURCE OF LEAK IS IN-SCOPE | SOURCE OF LEAK BELONGS TO DANA BUT IS OUT-OF-SCOPE | SOURCE OF LEAK DOES NOT BELONG TO DANA AND IS OUT-OF-SCOPE |
---|---|---|---|
Impact is in-scope (e.g. valid credentials on an in-scope asset) | Eligible | Eligible | Not eligible |
Impact is out-of-scope (e.g. valid credentials for an out-of-scope asset) | Eligible | Not eligible | Not eligible |
This excludes, but is not limited to:
Scope Type | Scope Name |
---|---|
android_application | https://play.google.com/store/apps/details?id=id.dana&hl=en |
api | mgs-gw.m.dana.id |
api | api-saas.dana.id |
ios_application | https://apps.apple.com/id/app/dana/id1437123008 |
web_application | https://appgallery.huawei.com/#/app/C100570215 |
web_application | sec.m.dana.id |
web_application | m.dana.id |
Scope Type | Scope Name |
---|---|
web_application | webdev.dana.id |
web_application | wp.dana.id |
web_application | fiat.dana.id |
web_application | cmsdev.dana.id |
web_application | techops.dana.id |
web_application | dm.dana.id |
web_application | encrypt.dana.id |
This policy, crawled by Onyphe on 2021-10-07, is sorted as bounty.
FireBounty © 2015-2024