Apakah infinID Aman?
Kredit Pelunas Utang
Konsultasi Finansial
Hitung Estimasi
Login
Ajukan Sekarang
  • infinID Bug Bounty Program

At infinID, we are committed to maintaining the security of our platforms and protecting our users. We invite security researchers to help us
by identifying vulnerabilities and reporting them through our Bug Bounty Program.

Program Overview

The infinID Bug Bounty Program encourages ethical hackers to report security vulnerabilities that could affect infinID’s services. We offer
rewards for validated reports based on the severity and impact of the vulnerability.

Scope

The following platforms are within scope:

  • infinID Web Application and API
  • infinID Mobile Applications (iOS and Android)
  • infinID Backend Services and Infrastructure.
 

Out of Scope:

  • Attacks requiring physical access, social engineering, or phishing
  • Denial of Service (DoS) attacks
  • Issues related to third-party services or external libraries
  • Vulnerabilities requiring root/jailbreak on mobile device
 

Reward Structure

Rewards are based on the severity of the reported vulnerability. infinID follows the CVSS (Common Vulnerability Scoring System) to
determine the impact level of each submission. Here is the reward breakdown:

Severity LevelCVSS Score RangeExample VulnerabilitiesTables Reward Range
Critical9.0-10.0Remote Code Execution, Privilege EscalationIDR 4,000,000
High7.0-8.9SQL Injection, Authentication BypassIDR 3,000,000
Medium4.0-6.9Cross-Site Scripting (XSS), Sensitive Data ExposureIDR 1,500,000
Low0.1-3.9Minor Security Misconfigurations, Information DisclosureIDR 500,000
InformationalN/AIssues that do not pose a direct security threat but are worth notingNone (IDR 0)

The reward amounts may vary based on the actual impact of the vulnerability and how easily it can be exploited.

Vulnerability Types
We are interested in reports for the following types of vulnerabilities:

  1. Remote Code Execution (RCE)
    Example: An attacker can execute arbitrary code on the server or client-side.
  2. Privilege Escalation
    Example: Gaining access to administrative functions or higher-level privileges.
  3. SQL Injection
    Example: An attacker can manipulate database queries via unsanitized inputs.
  4. Authentication Bypass
    Example: An attacker can bypass authentication mechanisms to access restricted areas.
  5. Cross-Site Scripting (XSS)
    Example: Malicious scripts are injected into a website viewed by other users.
  6. Sensitive Data Exposure
    Example: Unintentional exposure of personal or financial information.
  7. Insecure Direct Object References (IDOR)
    Example: Accessing unauthorized resources by manipulating object references.
  8. Cross-Site Request Forgery (CSRF)
    Example: An attacker tricks a user into performing actions on behalf of the attacker.
  9. Security Misconfigurations
    Example: Misconfigured security headers or improper permission settings.
  10. Insecure API Endpoints
    Example: API endpoints exposing sensitive information or allowing unauthorized access.
 

Reporting Guidelines

  • Please provide a clear, detailed report with step-by-step instructions to reproduce the vulnerability.
  • Include screenshots, videos, or Proof of Concept (PoC) to support your findings.
  • Indicate the potential security impact and suggested mitigations.
 

Responsible Disclosure Policy
We require all researchers to:

  • Act in good faith and avoid harming user data or disrupting services.
  • Allow a reasonable time for infinID to address the vulnerability before public disclosure.
  • Follow the guidelines and avoid any malicious exploitation of discovered vulnerabilities.
 

How to Submit
Submit your findings via email at [email protected]. Ensure your report includes all necessary details for reproduction.

Legal
Participation in infinID’s Bug Bounty Program implies agreement with all applicable laws. infinID reserves the right to modify or cancel the
program at any time.

Ajukan Pinjaman untuk Beragam Kebutuhan

Ingin memulai atau melanjutkan usaha, renovasi dan bangun rumah impian? Semua jadi bisa dilakukan.
Ajukan Sekarang

PT Inovasi Finansial untuk Indonesia

Jl. RS Fatmawati Raya No. 16 Cipete Selatan, Cilandak, Jakarta Selatan, DKI Jakarta 12420, Jakarta Selatan, DKI Jakarta 12420

PT Inovasi Finansial untuk Indonesia (infinID) adalah perusahaan berbadan hukum di Indonesia yang sudah disahkan oleh Kementerian Hukum dan HAM, serta sudah resmi terdaftar sebagai Penyelenggara Sistem Elektronik (PSE) Domestik di Kementerian Komunikasi dan Informatika dengan nomor izin 008554.01/DJAI.PSE/11/2022.

infinID juga sudah resmi tercatat sebagai Penyelenggara Inovasi Keuangan Digital (IKD) di Otoritas Jasa Keuangan (OJK) pada klaster Financing Agent dengan nomor S-135/NB.22/2023, serta merupakan anggota AFTECH Indonesia dengan nomor anggota 680/REG/AFT/SU.

Kontak Perlindungan Konsumen | Direktorat Jenderal Perlindungan Konsumen dan Tata Tertib Niaga | Kementerian Perdagangan Republik Indonesia | Nomor Whatsapp: 0853 1111 1010

Pinjaman Multiguna

Pelajari

Hubungi kami

Download

© 2024 InfinID

Facebook Instagram Youtube Linkedin