2-Factor Authentication (2FA bypass)
Max payout:
$20k*
Guidelines
These guidelines illustrate how we assess the security impact of bypassing 2-Factor Authentication (2FA bypass) types of vulnerabilities. We cap the maximum base payout for 2FA bypass at $20,000* and then apply any applicable deductions based on required user interaction, prerequisites, and any other mitigating factors to arrive at the final awarded bounty amount.
For valid reports identifying an Account Takeover (ATO) vulnerability which bypasses 2FA, we’ll issue a bounty award for both ATO and 2FA vulnerabilities.
Payouts
2FA bypass
up to
$20k*