Clario

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.kromtech.com URL low low low medium
*.mackeeper.com URL low low low medium
co.clario.android GOOGLE_PLAY_APP_ID low high low critical
co.clario.clario.ios APPLE_STORE_APP_ID low high low critical
https://account.mackeeper.com URL high high high critical
https://adblocking.clario.co URL medium medium low critical
https://api-ne.clario.co URL medium medium low critical
https://api.account.opendoor.ltd URL low medium medium critical
# Base instruction

To register, create a user with POST /v1/user; the response contains a JWT token, which you can then use for further activity. To authenticate the user-creation request, send X-API-KEY as a header.

## Note that!

This service is only for the H1 test; you can't publish it anywhere. It also runs in the test environment and doesn't contain any prod data.

## Header

X-API-KEY

### Authorization API

Signup/login/reset access.

POST /v1/user/email
Check that email exists in database.

```json
{ "email": "user@example.com", "device_id": "sdfsadfasdfsdaf" }
```

POST /v1/user
Create new user and return auth and refresh token.

```json
{
  "email": "user@example.com",
  "password": "secretpass1",
  "name": "Jimm Worm",
  "device_id": "sdfsadfasdfsdaf",
  "consents": {
    "marketing_name": true,
    "app_statistics": false,
    "marketing_emails": true
  }
}
```

POST /v1/user/login
Log in user and return auth token; invalidate previous session.

```json
{ "email": "user@example.com", "password": "secretpass1", "device_id": "sdfsadfasdfsdaf" }
```

PATCH /v1/user/password
Change user's password.

```json
{ "previous_password": "secretpass1", "password": "secretpass1" }
```

PUT /v1/user/password
Reset user's password.

```json
{ "password": "secretpass1" }
```

DELETE /v1/user/token
Revoke auth & refresh tokens.

PATCH /v1/user/token
Refresh auth & refresh tokens.

POST /v1/check/access-token
Check access token of user.
Parameter: accessToken * (string): user's access token.

### User API

Possible operations with user.

PATCH /v1/user
Change user object properties.

```json
{ "name": "Jimm Worm" }
```

GET /v1/user
Get user profile information.

PATCH /v1/user/attach-device
Link user with device.

```json
{ "device_id": "sdfsadfasdfsdaf" }
```

PATCH /v1/user/personalization
Add personalization information to user.

```json
{
  "area1": { "options": [], "skipped": false },
  "area2": { "options": [], "skipped": true },
  "area3": { "options": [ "i_have_problems_with_network" ], "skipped": false }
}
```

PATCH /v1/user/consents
Change consent information in user profile.

```json
{ "marketing_name": true, "app_statistics": true, "marketing_emails": true }
```

POST /v1/verification-code/forgot-password
Send email verification code to user.

```json
{ "email": "user@example.com", "device_id": "sdfsadfasdfsdaf" }
```

POST /v1/verification-code/auth
Check email verification code.

```json
{ "code": "45FG", "device_id": "sdfsadfasdfsdaf" }
```

### Device API

Register device API.

PUT /v1/device
Update device info.

```json
{
  "device_id": "sdfsadfasdfsdaf",
  "device_model": "iPhone",
  "system_name": "IOS",
  "system_version": "12.0.1",
  "language_code": "en",
  "country_code": "US",
  "timezone_id": "America/New_York",
  "token": "dsfnsdkjnfjsdk3423kld"
}
```

### Idtg API

API for Id Theft Guard service.

POST /v1/idtg/scan-item
Adds a new scanItem that will later be scanned by the IDTG service.

```json
{ "type": "email", "value": "test@gmail.com|+380662323255", "monitoring_enabled": true }
```

GET /v1/idtg/scan-item
Performs a manually triggered scan of all added scanItems for breaches and returns an array with the statistics of each scanned scanItem.

PATCH /v1/idtg/scan-item/{scanItemId}
Updates the ScanItem monitoring_enabled parameter value.

```json
{ "monitoring_enabled": true }
```

DELETE /v1/idtg/scan-item/{scanItemId}
Removes ScanItem for user.

POST /v1/idtg/scan-item/{scanItemId}/scan
Performs a manual scan for breaches for a given scanItem and returns the scanned ScanItem statistics.

```json
{
  "id": "871556ad-dbd8-429d-8335-0d4668b96dd9",
  "type": "email",
  "value": "test@gmail.com|+380662323255",
  "is_verified": true,
  "monitoring_enabled": true,
  "breach_count": 10,
  "fixed_breach_count": 10,
  "new_breach_count": 10,
  "scan_date": 1568351,
  "updated_at": 156835145
}
```

POST /v1/idtg/scan-item/{scanItemId}/verification-code
Sends verification code to user's specified scanItem.

POST /v1/idtg/scan-item/{scanItemId}/verification-code/verify
Verifies code to allow user to see breaches of specified scanItem.

```json
{ "code": "RFQT" }
```

GET /v1/idtg/scan-item/{scanItemId}/breach
Get information about user's breaches.

PATCH /v1/idtg/scan-item/{scanItemId}/breach
Mark user's breach as changed.

```json
{ "breach_ids": [ "5defadc9d0a0e2973b8b45ea" ], "status": "seen" }
```
https://chat-crm.clario.co URL medium medium low critical
https://chat.clario.co URL medium medium low critical
https://clario.co URL low medium medium critical
https://clario.co/link/90549c9e-aca6-11ea-acb7-127369ec21d1 DOWNLOADABLE_EXECUTABLES medium medium low critical
Download and test application Clario.1.0.0.pkg
https://crm.clario.co URL medium medium low critical
https://dcs.clario.co URL medium medium low critical
https://dl.clario.co URL medium medium low critical
https://event.clario.co URL medium medium low critical
https://get-unbounce.clario.co URL medium medium low critical
https://inapp.clario.co URL medium medium low critical
https://mackeeper.com/mk/download/ DOWNLOADABLE_EXECUTABLES high high high critical
Download Mackeeper.<latest.pkg> and install it.
https://static-cdn.clario.co URL medium medium low critical
https://sz.clario.co URL medium medium low critical
https://updater.clario.co URL medium medium low critical
https://updatetracker.clario.co URL medium medium low critical
https://webapi.clario.co URL medium medium low critical
https://yapi.clario.co URL medium medium low critical
https://account.clario.co URL medium medium low critical
https://clario.co DOWNLOADABLE_EXECUTABLES medium medium low critical
Download and test latest Clario.app application

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.email.mackeeper.com URL none
Third-Party assets, we strictly forbid any activity on these resources.
e.mackeeper.com URL none
https://account.clario.co URL none
we forbid any activity on this service
https://api.account.clario.co URL low medium medium none
we forbid any activity on this service
https://connect.clario.co URL none
we forbid any activity on this service
https://kibana-logs.clario.co URL none
we forbid any activity on this service
https://vpn.clario.co URL none
we forbid any activity on this service
store.mackeeper.com URL none
This is not our resource