Policies
Vulnerability Disclosure
Jacks Club strongly believes close partnerships with security researchers make customers more secure. The purpose of this reward program is to be proactive about security by providing a channel for security researchers to report potential security vulnerabilities they identify in our web assets (and mobile applications).
Reporting Vulnerabilities
You are welcome to report any kind of vulnerability to us. When submitting the vulnerability report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understand the nature and severity of the vulnerability, so that we can respond more effectively to your report.
Reward Program
Jacks Club will reward in the following cases:
- The finding is new; if it was previously reported by another researcher, it is considered a duplicate and is not rewarded;
- You keep the finding private and do not disclose any vulnerabilities publicly;
- Your testing must not violate any laws or our rules.
Please note that only vulnerabilities with a working proof of concept that shows how it can be exploited will be considered eligible for our reward program. If the report cannot be validated, or is not found to be a flaw in a Jacks Club product, this will be shared with you.
Prohibited Actions
- Don't do any damage during your investigation
- Don't use social engineering techniques to gain access to our systems
- Don't publish company or customer data
- Don't share the access you gained with others if you successfully penetrate our systems
- Don't make any changes in the system
- Don't access more information than strictly required
- Don't use brute-force techniques
- Don't use techniques that can influence the availability of our services
- Don't disclose or share vulnerabilities with third parties until they are fully resolved
Failure to meet the above conditions and requirements may be considered a breach of responsible disclosure guidelines and eliminate any potential recognition of the submitted research contribution.
Already Reported Vulnerabilities
The vulnerabilities below are already known and will not be rewarded if reported.
- Enabling / Disabling 2FA should invalidate other sessions.
- 2FA required when resetting your password.
- Changing your password should invalidate other sessions.
- Username already exists error while signing up.