Public Keybase bug reports.
4,419 Bug Reports - $2,030,173 Paid Out
Last Updated: 12th September, 2017
| Team | Bounty | Title |
| --- | --- | --- |
| Keybase | $500 | Universal Cross-Site Scripting in Keybase Chrome extension |
| Keybase | $100 | Denial of Service through set_preference.json |
| Keybase | $350 | Register multiple users using one invitation (race condition) |
| Keybase | $50 | Content spoofing due to the improper behavior of the not-found message |
| Keybase | $350 | Race conditions can be used to bypass invitation limit |
| Keybase | $250 | Remote Server Restart Lead to Denial of Service by only one Request. |
| Keybase | $250 | Remote Server Restart Lead to Denial of Server by only one Request. |
| Keybase | $50 | Un-handled exception leads to Information Disclosure |
| Keybase | - | xss |
| Keybase | $500 | [keybase.io] Open Redirect |
| Keybase | - | Sensitive server-side/application information disclosure |
| Keybase | $100 | Full path disclosure at https://keybase.io/_/api/1.0/invitation_request.json |
| Keybase | $250 | Content Sniffing not disabled |
| Keybase | $250 | No rate limiting for sensitive actions (like "forgot password") enables user enumeration |
| Keybase | $500 | Stealing CSRF Tokens |
| Keybase | $500 | SMTP protection not used |
| Keybase | - | NO SPF RECORDS |