ecobee

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
572987124 APPLE_STORE_APP_ID low medium medium critical
916985674 APPLE_STORE_APP_ID low medium medium critical
admin.ecobee.com URL medium high high critical
* Automated requests/scanning must be kept to 45 requests per minute.
* You MUST use your h1 email alias as your test account.
**You run the risk of a program block/ban if you do not use your h1 email alias and send more than 45 requests per minute when testing.**
api.beta.ecobee.com URL none none medium high
api.ecobee.com URL medium high high critical
beehive.ecobee.com URL low low medium high
beta.ecobee.com URL none none low low
capture.ecobee.com URL none none low low
com.ecobee.athenamobile GOOGLE_PLAY_APP_ID low medium medium critical
com.ecobee.emsmobile GOOGLE_PLAY_APP_ID low medium medium critical
content.ecobee.com URL none none low low
developer.beta.ecobee.com URL none none low low
ecobee 3 lite HARDWARE critical
ecobee will not be providing test devices. If any customer or individual finds a vulnerability in an ecobee product, then he or she can safely report the details through this program.
ecobee 4 thermostat HARDWARE critical
ecobee will not be providing test devices. If any customer or individual finds a vulnerability in an ecobee product, then he or she can safely report the details through this program.
ecobee Switch+ Smart Light Switch HARDWARE critical
ecobee will not be providing test devices. If any customer or individual finds a vulnerability in an ecobee product, then he or she can safely report the details through this program.
es.ecobee.com URL high medium medium critical
* Automated requests/scanning must be kept to 45 requests per minute.
* You MUST use your h1 email alias as your test account.
**You run the risk of a program block/ban if you do not use your h1 email alias and send more than 45 requests per minute when testing.**
eva.ecobee.com URL high high high critical
files.ecobee.com URL low low low medium
grafana.infra.ecobee.com URL low low low medium
home-fw.hm-prod.ecobee.com URL low low medium high
home-fw.hm-stage.ecobee.com URL none none low low
home.ecobee.com URL medium high medium critical
home.hm-prod.ecobee.com URL low low medium high
lofn.ecobee.com URL low low low medium
ls-api.ecobee.com URL high high high critical
ls-fw.ecobee.com URL low low medium high
ls.ecobee.com URL high high high critical
metrics.ls-dev.ecobee.com URL none none low low
rebatefinder-dev.ecobee.com URL none none low low
rebatefinder-stage.ecobee.com URL none none low low
rebatefinder.ecobee.com URL low low low medium
sb-auth.ecobee.com URL medium high high critical
* Automated requests/scanning must be kept to 45 requests per minute.
* You MUST use your h1 email alias as your test account.
**You run the risk of a program block/ban if you do not use your h1 email alias and send more than 45 requests per minute when testing.**
sb.ecobee.com URL medium high high critical
* Automated requests/scanning must be kept to 45 requests per minute.
* You MUST use your h1 email alias as your test account.
**You run the risk of a program block/ban if you do not use your h1 email alias and send more than 45 requests per minute when testing.**
schedulepilot.labs.ecobee.com URL none none low low
ssp.ecobee.com URL low low low medium
stg.chronos.ecobee.com URL low low low medium
teleport.ecobee.com URL low low low medium
terra.ecobee.com URL none none low low
utilities.ecobee.com URL none none low low
vpn.ecobee.com URL low low medium high
web.cw-dev.ecobee.com URL none none low low
www.ecobee.com URL low none low medium
www.ecobee.com/consumerportal URL medium low high critical
* Automated requests/scanning must be kept to 45 requests per minute.
* You MUST use your h1 email alias as your test account.
**You run the risk of a program block/ban if you do not use your h1 email alias and send more than 45 requests per minute when testing.**
www.ecobee.com/home URL medium high high critical
* Automated requests/scanning must be kept to 45 requests per minute.
* You MUST use your h1 email alias as your test account.
**You run the risk of a program block/ban if you do not use your h1 email alias and send more than 45 requests per minute when testing.**

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
austinenergy.ecobee.com URL none
cdn01.ecobee.com URL none
confluence.ecobee.com URL none
duo.ecobee.com URL medium high high none
email.ecobee.com URL none
graylog.ecobee.com URL none
help.ecobee.com URL none
labs.ecobee.com URL none
learning.ecobee.com URL none
ls-staging.ecobee.com URL none
lyncdiscover.ecobee.com URL none
payments.ecobee.com URL none
shop.ecobee.com URL none
snipeit.ecobee.com URL low low low none
stage.ecobee.com URL none
status.ecobee.com URL none
support.ecobee.com URL none
vibee.ecobee.com URL none