Credit Karma

  • $200 – $5,000 per vulnerability
  • Partial safe harbor
  • Managed by Bugcrowd

Program Scope Update

Hello Credit Karma researchers!

Please note the following has been added to the brief and all testing moving forward is required to be done through the following IP:

In order to access the application, researchers MUST go through the following proxy:

Port: 25603
Proxy authentication: bugcrowd:bugcr0wd

See here for more information on setting up burp to work with an upstream proxy.

Happy Hunting!

The Bugcrowd Team