passhash

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
https://github.com/dhui/passhash SOURCE_CODE critical
# Eligible Vulnerabilities * Design flaws which could be exploited * Insecure default config/settings * Usage of insecure (deprecated) algorithms * Poor/incorrect usage of a package/dependency resulting in a vulnerability # Exclusions While researching, we'd like to ask you to refrain from: * Denial of service * Spamming * Social engineering (including phishing) of passhash staff or contractors * Any physical attempts against passhash property or data centers * Vulnerabilities with source code host/provider (e.g. github) * Vulnerabilities where the root cause is upstream (e.g. a dependency with a vulnerability)

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity