At ZOHO, keeping customer's data secure
is our number one priority
We encourage responsible reporting of any security vulnerabilities that may be
found in our services.
You can share details of the suspected vulnerability with Zoho by clicking
below SUBMIT BUG
Note before you post a BUG
- Provide details of the vulnerability including information needed to reproduce and validate the vulnerability and also provide a Proof of Concept (POC)
- Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services
- Do not modify or access data that does not belong to you
- Give us a reasonable time to correct the issue before making any information public
- We would also request you not to consider any social engineering or denial of service type of attack in the scope of white hat testing
Domains and Applications within the scope of the program
- All the applications listed in our zoho.com website - *.zoho.com
- All Zoho branded mobile apps and client side applications
- Bounty will be awarded at the discretion of Bug Bounty Panel
- Only one bounty per security bug will be awarded and previously reported vulnerabilities will not be rewarded
- If you choose to donate the bounty to a recognized charity, we will match your donation (subject to our discretion) so that the charity gets double the bounty amount.
- Rewards are paid only to individuals.
- Rewards that go unclaimed after 3 months will be donated to a charity of Zoho's discretion. Thus the bounty cannot be reclaimed by the awardee after that period.
- Individuals who are on sanctions list and who are in countries on sanctioned list are not eligible
- We will acknowledge your contribution in our 'Hall of Fame' unless you would prefer to remain anonymous
- Injection attacks
- Cross-Site Scripting (XSS)
- Remote Code Execution (RCE)
- Cross-Site Request Forgery (CSRF)
- Broken Authentication
- Authorization Flaws / Privilege Escalation
- Directory Traversal
- Sensitive Information leaks or disclosure
Non Qualifying Vulnerabilities
Note of thanks
We would like to truly thank the people listed in the Hall of Fame for their
participation in the program and for making a responsible disclosure of the
Hall Of Fame for
Be the first one for this year ! SUBMIT BUG
No Hall of Fame entries this year !
© 2018, Zoho Corporation Pvt. Ltd. All Rights Reserved.