Vulnerability search month in Kontur

Hey fellow bounty hunters!

We announce vulnerability search month in Kontur’s products for RuCTFE participants. Start on May 4. Reports accepted until June 4. The prize fund is 200,000 rubles.

Teams may consist of any number of participants.

Important additions to the basic rules of the program:

  • You can search for vulnerabilities in all our products (*.kontur.ru, *.skbkontur.ru, 46.17.200.0/21) from May 4 until June 4.
    • Take note that Kontur.Diadoc participates from May 14 until June 4 only.
  • You can get accounts to authenticate in products. Send an email to security@skbkontur.ru «I want an account for the team %NAME%.»
  • When submitting a report via the form, please specify the name of your team in the «Vulnerability description» field.
  • For each accepted report, the team receives points based on the severity of the vulnerability:
    • Low — 20
    • Medium — 40
    • High — 60
    • Critical — 80
  • For duplicates or reports of previously known vulnerabilities, you get 10 points.
  • For each vulnerability, please provide a description of the exploitation scenario and its possible impact. More detailed reports are more likely to be accepted.
  • The prize fund will be split between the three teams with the highest score.

Good luck!

Team The number of vulnerabilities found, taking into account the severity Score
Low Medium High Critical Duplicate
SFT0   2       80
             
             

Русская версия