At Alive5, we acknowledge that even the best of us can make mistakes. That's why we welcome your assistance in identifying and reporting any bugs or vulnerabilities you come across. To report such issues, kindly send an email to
security@alive5.com and provide the following details:
When you report a bug to us, we are committed to promptly investigating and addressing it. Our response time is set at a maximum of 14 business days. The reward you receive for your bug report will vary based on the severity of the vulnerability.
Desktop web application:
https://app.alive5.com/
Desktop and mobile apps from:
https://support.alive5.com/apps-downloads.html
The chat window on this page:
https://alive5.com/chat_window_wrap.html?wid=4af0f679-0493-4b4f-aca2-a6814ae3673e
Low
Vulnerabilities with a lower likelihood of exploitation, potentially leading to minimal compromise of resource confidentiality, integrity, or availability in rare scenarios.
These vulnerability types demand unusual conditions for successful exploitation and, if compromised, result in minimal consequences.
They exhibit susceptibility to external, uncomplicated, single-actor, logic-based attacks, causing minor performance degradation in critical systems or products.
Medium
These vulnerabilities may pose a challenge for exploitation, yet they still carry the potential for compromising resource confidentiality, integrity, or availability in specific situations.
These vulnerabilities, while possessing the potential for critical or high impact, are less susceptible to exploitation based on a technical assessment of the flaw, particularly when targeting unlikely configurations.
They exhibit vulnerability to external, straightforward, single-actor, logic-based attacks that can lead to measurable performance degradation in one or more critical systems or products.
High
Vulnerabilities capable of jeopardizing the confidentiality, integrity, or availability of both production and corporate resources and data.
Vulnerabilities susceptible to exploitation by internal and/or external attackers, whether authenticated or not, which can result in system compromise or exposure of highly sensitive customer data without user interaction.
Vulnerabilities that grant local users the ability to escalate their privileges.
Vulnerabilities that enable unauthenticated remote users to access sensitive information.
Predisposition to external, uncomplicated, single-actor, logic-based attacks leading to significant performance degradation in one or more critical systems or products.
Critical
Vulnerabilities with the potential to jeopardize the confidentiality, integrity, or availability of production and corporate resources or data, often with minimal exploitation complexity and attacker expertise.
Vulnerabilities susceptible to easy exploitation by remote or unauthenticated attackers, leading to system compromise or exposure of highly sensitive customer data, all without any user interaction.
Successful exploitation of a vulnerability that leads to a complete compromise of servers or infrastructure devices at the root level.
We will test the bug and respond to you within 14 business days. Depending on the severity of the vulnerability, you will receive company swag or a cash reward of between $30 and $300 contingent of the requirements listed:
Requirements: