ExpressVPN

  • $150 – $2,500 per vulnerability
  • Up to $100,000 maximum reward
  • Safe harbor

We've added a new sign-in flow to our website

When signing into our website, we previously required an email address and password. You can now also sign in with just an email address. We'll email a magic sign-in link to the supplied address. This is primarily designed to ease sign-in for users with multiple devices.

We're interested in potential vulnerabilities surrounding this feature, particularly authentication bypass.

Note that we rate-limit this endpoint, and the limits we have set are intentional.

You can sign in with only an email address at https://www.expressvpn.com/sign-in?pwd=0.