LINE Corporation (“the Company”) is conducting the LINE Security Bug Bounty Program ("the Program") from June 2, 2016, whereby cash rewards will be paid for vulnerability reports, for the purpose of improving the security of the Company's online environment. Individuals desiring to participate in this program and receive a cash reward must agree to the provisions stipulated below ("these Terms of Service"). Individuals submitting a vulnerability report shall be deemed to have granted their agreement to these stipulations.
Furthermore, limited to those having one of the following domains.
However, LINE-related apps that are activated via another process after clicking a link within the App (LINE Family apps, LINE GAME apps, etc.) are not eligible.
|Vulnerability||Description||Reward Ex. *|
|SQL Injection||Ability to access private information through SQL injection attack||$3,000|
|Cross-Site Scripting(XSS)||Ability to hijack session or execute scripts through XSS attack||$500~|
|Cross-Site Request Forgery(CSRF)||Ability to force the User to perform an undesired process through CSRF attack||$500|
|Remote Code Execution||Ability to execute arbitrary codes on a client or server||$10,000|
|Authentication Bypass||Ability to masquerade as another person by bypassing authentication procedures||$5,000|
|Purchase Bypass||Ability to obtain items while bypassing in-app payment procedures||$5,000|
|Encryption Break||Ability to obtain another person’s authentication information by decrypting an encrypted communication||$10,000|
|Improper Certificate Validation||Ability to obtain sensitive information by failing to validate SSL certificate.||$10,000|
|Server-Side Request Forgery (SSRF)||Ability to abuse functionality on the server to read or update internal resources.||$2,500|
|Client-Side Enforcement of Server-Side Security||Ability to bypass protection mechanism by relying on the client side protection only.||$500|
|Improper Access Control||Ability to access originally non-public pages because of access control failure.||$500~|
|Password in Configuration File||Ability to obtain a password or sensitive information in a configuration file.||$500|
|Insecure Direct Object Reference (IDOR)||Ability to bypass authorization and access resources directly by modifying the value of a parameter.||$5,000|
|Information Exposure Through Debug Information||Ability to obtain sensitive information through debugging information.||$500|
|Privilege Escalation||Ability to obtain elevated access to resources that are normally protected from an application or user.||$3,000|
|Cleartext Transmission of Sensitive Information||Ability to eavesdrop sensitive information in the network traffic.||$500~|
|Path Traversal||Ability to access arbitrary files and directories by manipulating variables||$500~|
Please note that the reward values are only a guide, and the monetary value stated for each vulnerability is not guaranteed.
Revised November 16, 2017