Banner object (1)

Hack and Take the Cash !

684 bounties in database
11/09/2018

Reward

500 $ 

VeraCrypt

VeraCrypt is an open-source utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication.

Reporting a security issue in VeraCrypt

To report a security issue in VeraCrypt, e-mail veracrypt@idrix.fr.

Accepted reports must follow VeraCrypt's Security Model __.

PGP Public Key __for contact.

Disclosure Policy

  • Let us know of any potential vulnerabilities as soon as possible, and we will make every effort to resolve the issue quickly.
  • Share with us the full details of any vulnerability, including steps to reproduce, if applicable.
  • Provide us a reasonable amount of time to fix the issue before disclosure to the public or a third-party.
  • Try to avoid degradation of systems, destruction of data, or privacy violations.

We will make every effort to abide by HackerOne's disclosure guidelines.

Internet Bug Bounty Qualification

Only critical vulnerabilities that demonstrate complete compromise of the system's integrity or confidentiality are eligible for a bounty - typically Arbitrary Code Execution or equivalent impact. While we encourage you to submit all potential issues, lower severity issues are not in scope at this time.

Impact | Amount
---|---
High Demonstrate that remote exploitation of this bug can be easily, actively, and reliably achieved. | $2,500+
Medium Demonstrate that remote exploitation of this bug is very likely (e.g. good control a register). | $1,250
Minimum Demonstrate the presence of a security bug with probable remote exploitation potential. | $500

Additionally, any bugs that can cause broad information disclosure or decryption of information within containers or encrypted drives will be considered.

Awards are increased for fixes that include giving the developers any custom tools that you developed to locate the bugs, as it provides a longevity boost to your work and eliminates the chances for regressions or reintroducing similar bugs of the same class. Make sure your tools have documentation and proper commenting in the code so that the developers can utilize / enhance / improve upon your work in the future to receive increased awards.

The project maintainers have final decision on which issues constitute security vulnerabilities. The Internet Bug Bounty Panel __will respect their decision, and we ask that you do as well.

Only versions currently supported by the upstream project are eligible. Please verify your issue is present in a current release before submission. Note that other forks of TrueCrypt and any fork of VeraCrypt code are not eligible.

It's important to keep in mind that not all submissions will qualify for a bounty, and that the decision to award a bounty is entirely at the discretion of the Panel.

Thanks
Gift
Hall of Fame
Reward


List your Bug Bounty for free immediately!

Contact us if you want more information.

FireBounty (c) 2015-2018