Bug Bounties

8x8 Bounty

Powered by: 

Allows bounty splitting: 

Average time to first program response: 0

Average time to bounty awarded null: 41

Average time to report resolved: 

Handle 8x8-bounty

Managed program: false

Name: 8x8 Bounty

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/8x8-bounty

Website: https://www.8x8.com

In scope:

  • Asset identifier: *.8x8.vc
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Professional Meetings and Jitsi as a Service. At this time 8x8 does not provide credentials and researchers are responsible for any fees occurred if signing up for the service.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.8x8staging.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: *.chalet.8x8.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.jit.si
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: *.jitsi.net
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: 348177448
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://apps.apple.com/us/app/8x8-work/id348177448
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: connect.8x8.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: ##Exclusions 1. IDORs having unguessable/non-enumerable identifier are out of scope, especially: - IDORs in form of an UUID - IDORs based on `AccountId` and `subAccountId` 2. When testing support functionality please add "HackerOne" in your subject line and limit the number of requests to an absolute minimum.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: https://github.com/jitsi
  • Asset type: SOURCE_CODE
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Open source repositories that support Jitsi. Good faith review of source that a reporter must have no association with the existence of the vulnerability in question.
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: org.vom8x8.sipua
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://play.google.com/store/apps/details?id=org.vom8x8.sipua
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: platform.8x8.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: platform.8x8pilot.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: sms.8x8.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: - API usage via sign-up on 8x8 Connect (https://connect.8x8.com/login/signup) - Usage is described in: https://developer.8x8.com/connect
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: sso.8x8.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: sso.8x8pilot.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: uc.8x8pilot.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: user-profile-staging.8x8.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: user-profile.8x8.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: vcc-*.8x8.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Support Agent front-end: ./AGUI/login.php Configuration Manager: ./CM/login.php Latest version of software usually available on https://vcc-na30.8x8.com/.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: work-staging.8x8.com
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: work.8x8.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: You can self-sign up via the 8x8 Express product: https://www.8x8.com/products/express?signup=express (currently the first month is free upon signup)
  • Integrity requirements: 
  • Max severity: critical