Bug Bounties


Powered by: 

Allows bounty splitting: 

Average time to first program response: 20

Average time to bounty awarded null: 

Average time to report resolved: 

Handle passhash

Managed program: false

Name: passhash

Offers bounties: false

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/passhash

Website: https://github.com/dhui/passhash

In scope:

  • Asset identifier: https://github.com/dhui/passhash
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: # Eligible Vulnerabilities * Design flaws which could be exploited * Insecure default config/settings * Usage of insecure (deprecated) algorithms * Poor/incorrect usage of a package/dependency resulting in a vulnerability # Exclusions While researching, we'd like to ask you to refrain from: * Denial of service * Spamming * Social engineering (including phishing) of passhash staff or contractors * Any physical attempts against passhash property or data centers * Vulnerabilities with source code host/provider (e.g. github) * Vulnerabilities where the root cause is upstream (e.g. a dependency with a vulnerability)
  • Integrity requirements: 
  • Max severity: critical