MyCrypto

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
about.mycrypto.com URL high high high critical
beta.mycrypto.com URL high high high critical
buy.mycrypto.com URL high high high critical
download.mycrypto.com URL critical
legacy.mycrypto.com URL high high high critical
overflow.mycrypto.com URL high high high critical
support.mycrypto.com URL high high high critical
www.mycrypto.com URL high high high critical
MyCryptoDesktop DOWNLOADABLE_EXECUTABLES high high high critical
Latest executables can be found https://github.com/MyCryptoHQ/MyCrypto/releases/latest. Previous versions can be found listed https://github.com/MyCryptoHQ/MyCrypto/releases/ - or you can [build yourself](https://github.com/MyCryptoHQ/MyCrypto#running-the-app)
ambo.herokuapp.com URL high high high critical
This is the network proxy between third-party APIs and the Ambo app.
ambo.io URL low medium high critical
Ambo.io is a product page for Ambo mobile apps. Any vulnerabilities with those please see type "iOS: App Store" titled "Ambo IOS App".
cryptoscamdb.org URL medium low high critical
etherscamdb.info URL medium low high critical
1460081235 APPLE_STORE_APP_ID high high high critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Denial of Service OTHER none
Any activity that could lead to the disruption of our service (DoS) are out of scope
MITM/physical access to a user's device OTHER none
Attacks requiring MITM or physical access to a user's device are out of scope
SSL/TLS Configuration OTHER none
Tickets regarding missing best practices in SSL/TLS configuration are out of scope.