1. Purpose of ProgramThe purpose of the Program is to quickly discover any vulnerabilities that exist in the LINE messenger app or the WEB sites, and provide LINE users (“Users”) the most secure service possible.
2. Program DatesReport Submission Dates: 3pm, on June 2, 2016 (GMT+9) ~
3. Program flowResults will be made public successively after the conclusion of internal review.
4. Eligibility1.the latest version of the LINE messenger app
5. Conditions for Participation
|SQL Injection||Ability to access private information through an SQL injection attack||USD 3,000|
|Cross-Site Scripting (XSS)||Ability to hijack a session or execute scripts through an XSS attack||USD 500|
|Cross-Site Request Forgery (CSRF)||Ability to force a LINE user to perform an undesired process through a CSRF attack||USD 500|
|Remote Code Execution||Ability to send packets containing arbitrary code to the client or server side||USD 10,000|
|Authentication Bypass||Ability to masquerade as another person by bypassing authentication procedures||USD 5,000|
|Purchase Bypass||Ability to obtain items while bypassing in-app payment procedures||USD 5,000|
|Encryption Break||Ability to obtain another person’s authentication information by cracking encrypted data||USD 10,000|
|Other||Other vulnerabilities||USD 500|
7. Vulnerabilities not eligible for rewardsExamples of vulnerabilities not eligible for cash rewards are listed below. However, LINE may deem additional cases eligible for the cash reward at its own discretion.
9. Program DetailsFor more details on the program, please click here.
Please use the Bug Report Form to report any bugs you find.
The Bug Report Form page will be available from 15 pm, June 2, 2016 (GMT+9).
We have created a list of things that will not be recognized as bugs. Please make sure that you understand the items listed on the Details Page (Vulnerabilities not Eligible for Cash Reward) before submitting your report.
1. Notes Regarding Reporting and ReviewsVulnerability reviews are conducted according to standards established by LINE Corporation. If the vulnerability is recognized, the submitter will be contacted by e-mail.
2. Other InquiriesSee Article 18 of the Details Page.
3. Reporting bugs not related to the LINE Security Bug Bounty ProgramIf you are unable to use the report form, or you would like to report a bug unrelated to this program, please contact us at firstname.lastname@example.org