savedroid
External Program
Submit bugs directly to this organization
savedroid
#THIS PROGRAM WILL IS NOW CLOSED AND WILL NOT ACCEPT ANY NEW SUBMISSIONS
25-02-2020 - All Hackers participating in the program at any point in time must adhere to the rules of the program they accepted while joining. 25-11-2019 - New Domain gobitcoinking.com is added to the scope. 12-11-2019 - FAQ guide attached to the policy page on how to use savedroid apps and services {F632488} 07-08-2019 - Categorization of the Issues based on severity and priority for savedroid for new Public Bug Bounty Program.
Transfer SVD without Balance Access to Hot Wallets, personal wallets to store the SVD's and trade the crypto SVD's. Buy Crypto without paying for it Get the other user private data Authentication bypass in apps Changing critical functionality of a system which may lead to severe system misuse
Cross account access in apps Stored cross-site scripting (XSS) that can affect other users Flaws that could be used to exploit 3rd-party integration services Unauthorized configuration changes to installed Infrastructure agents Remote code execution (RCE) on savedroid backend services Ability to write data in misconfigured S3 buckets Private Key Leakage
Insufficient validation of incoming URI handler calls for mobile applications leading to information disclosure Misconfigurations resulting in information leaks subdomain takeover
Information leaks (e.g. directory listing, first name and last name of a user) Data leaks from internal systems
#savedroid Bug Bounty Program
[savedroid AG] (www.savedroid.com) specializes in AI technology for cryptocurrency savings. savedroid registered as an Account Information Service Provider (AIS) at the German banking authority (BaFin); its data protection is certified by TÜV.
savedroid AG aims to keep its Service safe for everyone, and data security is of the utmost priority. savedroid AG will engage with security researchers when vulnerabilities are reported to us as described here. We will validate, respond, and fix vulnerabilities in support of our commitment to security and privacy.
We have included a document that will help you get to know Savedroid a little better with some frequently asked questions. {F585687}
SaveDroid will make a best effort to meet the following response targets for hackers participating in our program:
We’ll try to keep you informed about our progress throughout the process.
#Testing Exclusion Please note you are not permitted to access, download or modify data residing in any other Account, or one that is not registered to you. You are also prohibited from:
#Out of scope vulnerabilities When reporting vulnerabilities, please consider (1) attack scenario/exploitability, and (2) security impact of the bug. The following issues are considered out of scope:
Attacks requiring MITM or physical access to a user's device.
Missing best practices in SSL/TLS configuration.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Thank you for helping keep SaveDroid and our users safe!