46829 policies in database

Link to program

2017-06-29

2019-08-06

Thank

Gift

HOF

Reward

WakaTime

In Scope

wakatime.com
api.wakatime.com (web only, not used for email)

We recently added a new feature: Profile Image Uploading

Please test image uploads first, since most other features have already been tested thoroughly:

https://wakatime.com/settings/profile/photo

Out of Scope Vulnerabilities

Vulnerabilities below will be marked NA or Informative.

Session Fixation (We use session cookies and we like them http://bit.ly/2tw19Gd)
Insufficient Session Expiration
Weak Password Policy (See http://bit.ly/2uFjwXt)
Password Reuse (We allow any password, even passwords used previously)
CSRF Cookie Without 'HttpOnly' Flag
Beast Attack (Fixed in browsers not sever)
Username Enumeration
Software version disclosure
Denial of service
Spamming
Phishing
Social engineering

Please consolidate the same vulnerability reports when only the page/url/params changes.

View changes to this policy

The progam has been crawled by Firebounty on 2017-06-29 and updated on 2019-08-06, 194 reports have been received so far.

FireBounty © 2015-2024

Legal notices | Privacy policy

Company Name

Your Email

Url

Min reward

Thank Gift HOF Reward

Rules

captcha

The "ADD VDP" form is not intended to collect personal data. We invite you to use a non-identifying email address. However, if you provide an email address that identifies you, YesWeHack will collect, publish and store this personal data as the data controller in order to respond to your request (legitimate interest of YesWeHack). The user may object to the processing of their e-mail address by clicking on the box below. Details of the processing carried out by YesWeHack can be found in our privacy policy.

I do not want my email address to be processed (publication, storage)