Legapass offers its users (individuals, small businesses, SMEs) a solution to ensure the transmission of their sensitive data (passwords, private keys, etc.) in complete confidentiality in case of death or disaster.
It is the equivalent of a bank safe adapted to the digital age.
Security is very important to us and this Bug Bounty program shall help us meet highest industry standards to offer the most secure service and experience to all parties.
Emails, social networks, cloud, cryptocurrencies,... are part of our daily life. The digital part of our wealth is constantly increasing.
What happens if something happens to us?
Our accounts become inaccessible, our memories and investments lost, for professionals it's business interruption.
We have designed Legapass as a totally secure space where users can register the codes that open access to their digital assets.
We ensure the conservation of these data off-line as well as a strict restitution process with identity verification for the benefit of the designated beneficiaries, all under the control of a bailiff.
Please adhere to the following rules while performing research on this program:
We are happy to thank everyone who submits valid reports which help us improve the security of Legapass, however only those that meet the following eligibility requirements may receive a monetary reward:
Reward amounts are based on:
Pay attention that the domain to be tested is bounty.legapass.com, it's a clone of app.legapass.com which is out of scope.
Please do not test the captcha service (Friendly Captcha) and the chat (Crisp)
You can find more informations about our services on https://legapass.com
In the context of this program, we do not intend to encourage, accept or reward reports of leaks that are not applicable to our program’s scope and identified outside of our program’s scope, such as:
Also, in order not to encourage dark and grey economies, in particular the purchase, resale and trade of identifiers or stolen information, as well as all types of dangerous behavior (e.g. social engineering, ...), we will not accept or reward any report based on information whose source is not the result of failure on the part of our organization or one of our employees/service providers.
This excludes, but is not limited to:
Source of leak is in-scope | Source of leak belongs to MyCompany but is out-of-scope | Source of leak does not belong to MyCompany and is out-of-scope | |
---|---|---|---|
Impact is in-scope (e.g. valid credentials on an in-scope asset) | Eligible | Eligible | Not Eligible |
Impact is out-of-scope (e.g. valid credentials for an out-of-scope asset) | Eligible | Not Eligible | Not Eligible |
As a complement to the Program’s rules and testing policy :
Scope Type | Scope Name |
---|---|
web_application | https://bounty.legapass.com |
Scope Type | Scope Name |
---|---|
web_application | https://legapass.com |
web_application | app.legapass.com |
web_application | mailing.legapass.com |
web_application | url1490.legapass.com |
web_application | 29544328.legapass.com |
web_application | mato.legapass.com |
This policy crawled by Onyphe on the 2023-06-22 is sorted as bounty.
FireBounty © 2015-2024