Description

At Veriff we are passionate about creating a safer environment online. Our mission is to bring transparency to the digital world. We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We ask all researchers to follow the guidelines provided.

Bounties
Bounty ranges (min. € - max. €) by CVSS severity:

| Tier | Low (0.1 - 3.9) | Medium (4.0 - 6.9) | High (7.0 - 8.9) | Critical (9.0 - 9.4) | Exceptional (9.5 - 10.0) | Overall range |
|---|---|---|---|---|---|---|
| Tier 1 | €50 - €250 | €300 - €1,000 | €1,250 - €2,500 | €2,750 - €3,500 | €4,000 - €6,000 | €50 - €6,000 |
| Tier 2 | €25 - €75 | €100 - €500 | €750 - €1,500 | €1,750 - €2,500 | €2,750 - €3,500 | €25 - €3,500 |
| Tier 3 | €5 - €25 | €30 - €100 | €150 - €300 | €450 - €600 | €750 - €1,000 | €5 - €1,000 |

Rules of engagement
Required
Not applicable
max. 2 requests/sec
Not applicable

By participating in this program, you agree to:

  • Respect the Community Code of Conduct
  • Respect the Intigriti Terms and Conditions
  • Respect the scope of the program
  • Not discuss or disclose vulnerability information without prior written consent (including PoCs on YouTube and Vimeo)

Your commitment to us:

  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing
  • Do not access or copy our customer data
  • Do not abuse our service to conduct fraud
  • Keep information about any vulnerabilities you’ve discovered confidential between yourself and Veriff until we have resolved the issue
  • Please do not register public CVEs without our consent
  • We cannot accept any submissions found by using automatic scanners. Scanners also won't improve your skills, and can cause a high server load (we'd like to put our time into thanking researchers rather than blocking their IPs 😉)

Our commitment to you:

  • Not pursuing or supporting any legal action related to your research
  • Working with you to understand and resolve the issue quickly
  • We will provide temporary premium access to our product (unlocking new app features for more in-depth testing) to researchers who show interest in our program and submit high quality reports

Check our fix
We offer a bonus of up to €50 to verify a resolved issue for us (when requested).
Awarding this bonus remains at the discretion of Veriff.

Domains
iOS

An iOS application for demoing our product.

This is an end user (internal) API endpoint.

This is a public API endpoint.

Severity assessment

This program follows Intigriti's contextual CVSS standard.

FAQ

Where can we get credentials for the app?

You can self-register on the application, but please don’t forget to use your @intigriti.me address.

Click "Start your 15-day free trial". Your name, company name and website URL should be related to Intigriti so we can easily differentiate your account.
