Introduction

The Kaneva Security Bug Bounty program is to encourage security research and reward those that help make Kaneva a secure and safe place.

Guidelines

All security bugs must meet one of the following criteria to be eligible (for Reward Bounty):

• Unlimited Free Rewards or Credits outside of normal game play
• Remote code execution that gives unrestricted access to the Kaneva servers
• SQL Injection or equivalent
• Significant authentication bypass or info leakage, i.e., take over account without tricking user, view members' encrypted passwords.

The following reported issues are definitely excluded and there is no reward bounty:

• Vulnerabilities in 3rd-party packages. This is forums.kaneva.com, blog.kaneva.com, and docs.kaneva.com.
• Typical XSS
• XSRF, XSSI, Clickjacking, and other common web flaws.
• Social engineering
• Bruteforce denial of service bugs.
• Out of concern for the availability of our services to all users, we ask you to refrain from using any tools that are likely to automatically generate significant volumes of traffic.

Reward Bounty

The first person to report a specific vulnerability will be eligible for getting credit in the Security Hall of Fame.

Investigation and Reporting Process

When investigating a vulnerability, please, only ever target your own accounts. Never attempt to access anyone else's data, and do not engage in any activity that would be disruptive or damaging to your fellow members or to Kaneva.

Please report any vulnerability to [email protected] . Please include a proof of concept or links that explain the method that demonstrates the vulnerability. We will contact you back to validate the bug, look to reproduce it, diagnose it, and fix it.