You are here :HomeBug bounty program

Alldebrid Bounty Program

The Alldebrid Bounty Program provides bounties for technical security vulnerabilities. We call on our community and all bug hunters to help identify technical security vulnerabilities in our service.

Our rewards go from 4€ (or 1 month premium) to 300€ (or lifetime premium) (depending the severity of the technical security vulnerability found).

Our bug bounty program is limited strictly to technical security vulnerabilities of Alldebrid service. Any activity that would disrupt, damage or adversely affect any third-party data or account is not allowed.

The following are strictly prohibited:

• Denial of Service and brute forcing attacks.

• Physical attacks against offices and data centers.

• Social engineering of our service desk, employees or contractors.

• Compromise of a alldebrid users or employees accounts

• Use of a tool that generates a significant volume of traffic.

Additionally, the following vulnerabilities will not be considered for bounty:

• Cross site request forgery (CSRF and XSRF)

• Cross domain leakage

• Information disclosure

• XSS attacks via POST requests or self XSS (unless you provide a PoC that show impact on other Alldebrid customers)

• HttpOnly and Secure cookie flags

• HTTPS related (such as HSTS)

• Session timeout

• Missing security headers which do not lead directly to a vulnerability (unless you deliver a PoC)

• Click-jacking

• Rate-limiting

• DKIM/SPF/DMARC issues

To submit a vulnerability, contact our support.


Good hunt !