Authvaultix

    Bug Bounty

    Bug Bounty Program


    The purpose of the Bug Bounty Program is to encourage security researchers and developers
    to responsibly report vulnerabilities found within the platform.
    If a user discovers a security vulnerability in AuthVaultix.com or api.AuthVaultix.com,
    they can submit a report through this program and may receive a reward for valid findings.

    Program Overview


    The goal of the bug bounty program is to improve the platform's security.
    Through responsible disclosure, vulnerabilities can be fixed
    and the platform can become more secure.
    Security researchers are encouraged to report vulnerabilities responsibly
    and notify the platform team before any public disclosure.

    Rewards


    Rewards are provided for valid vulnerability reports.
    • Reward: 1 Month Developer Plan
    The reward is provided after the vulnerability has been verified for validity and impact.

    Scope


    In Scope (Allowed Targets)

    • AuthVaultix.com
    • API Endpoints
    Only server-side vulnerabilities are included within the scope of this bug bounty program.

    Out of Scope

    • GitHub repositories
    • Frontend assets (HTML / CSS / JavaScript)
    • Self-XSS vulnerabilities
    • Social engineering attacks
    Reports related to these categories are not eligible for rewards.

    Responsible Disclosure Guidelines


    When submitting a bug report, the following guidelines should be followed:
    • Do not damage or disrupt the system
    • Avoid unauthorized access to user data
    • Report vulnerabilities privately before public disclosure
    • Perform only the minimal testing required to prove the vulnerability

    Secure Report Submission


    Submitted vulnerability reports are automatically secured using RSA encryption.
    This means:
    • The report is stored in encrypted form
    • Only the platform owner can decrypt and read the report
    • Third parties or individuals with database access cannot view the report
    This ensures that the data of security researchers remains protected.

    Submitting a Vulnerability Report


    When submitting a report, you should provide the following information:
    • Severity Level
    • Vulnerability Description
    • Proof of Concept (PoC)
    • Steps to Reproduce
    • Contact Email
    Including a contact email is important so the platform team can reach out for additional details if necessary.

    Severity Levels


    • Low – Minor configuration issues
    • Medium – Privilege escalation or security bypass
    • High – Critical vulnerabilities (SQL Injection, Remote Code Execution, Data leaks)
    Severity depends on the vulnerability’s impact and exploitability.

    Description Format


    When submitting a report, it is recommended to follow this format:
    • Your Email
    • Vulnerability Type
    • Detailed Explanation
    • Proof of Concept
    • Steps to Reproduce
    • Links to screenshots or videos
    Clear and detailed reports help the team reproduce and fix vulnerabilities more quickly.

    Character Limit


    The vulnerability description field allows a maximum of 500 characters.
    A character counter automatically shows how many characters have been used.
    If additional proof or explanation is needed, external links (such as videos or screenshots) can be included.
    Modified at 2026-03-04 16:43:45