Company

The Thüringer Aufbaubank (TAB) is the central development institute of the German Free State of Thuringia. It was founded in 1992 as an institution under public law. The tasks of the bank include, in addition to economic development, the promotion of housing and urban development, the promotion of technology, the financing of public customers, agriculture, environmental protection and infrastructure.

Web Applications

Our targets in scope are the web applications listed below. With our web applications, you can submit and manage funding applications to the Thüringer Aufbaubank directly on the Internet. Here you also have the possibility to get detailed information about the processing status of your applications at any time, even if they have not been submitted via the portal.

Program Rules

• We believe that no technology is perfect and that working with skilled security researchers is crucial in identifying weaknesses in our technology.
• If you believe you\'ve found a security bug in our service, we are happy to work with you to resolve the issue promptly and ensure you are fairly rewarded for your discovery.
• Any type of denial of service attacks is strictly forbidden, as well as any interference with network equipment and Thüringer Aufbaubank infrastructure.

Eligibility and Responsible Disclosure

• We are happy to thank everyone who submits valid reports which help us improve the security of Thüringer Aufbaubank however, only those that meet the following eligibility requirements may receive a monetary reward:
• You must be the first reporter of a vulnerability.
• The vulnerability must be a qualifying vulnerability (see below)
• Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through yeswehack.com
• You must send a clear textual description of the report along with steps to reproduce the issue, include attachments such as screenshots or proof of concept code as necessary.
• You must avoid tests that could cause degradation or interruption of our service (refrain from using automated tools, and limit yourself about requests per second).
• You must not leak, manipulate, or destroy any sensitive data (personally identifiable information). If access to sensitive data is necessary it must be limited exclusively to the data necessary to prove the security issue.
• You must not be a former or current employee of Thüringer Aufbaubank or one of its contractor.
• Reports about vulnerabilities are examined by our security analysts.
• Our analysis is always based on worst case exploitation of the vulnerability, as is the reward we pay.
• No vulnerability disclosure, including partial is allowed for the moment.
• You must use a yesWeHack email address if you register an account on one of our web applications to hunt for bugs. You will find your alias in https://yeswehack.com/user/tools/email-alias