NolimitVPN provides you an anonymous and secure Internet access to protect your Internet browsing and your data exchanges.

NolimitVPN secures your communications and your Internet browsing by encrypting your Internet traffic and your personal or professional data exchanges. Our service also reinforce your privacy and your anonymity on Internet by replacing your IP address by that of the VPN.

We take the security of our systems seriously, and we value the security researcher community. The disclosure of security vulnerabilities by security researchers helps us ensure the security and privacy of our users.

Guidelines

We require that all researchers:

  • Make a every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing;
  • Perform research only within the scope set out below;
  • Use the identified communication channels to report vulnerability information to us; and
  • Keep information about any vulnerabilities you’ve discovered confidential between yourself and NolimitVPN until we’ve had 90 days to resolve the issue.

If you follow these guidelines when reporting an issue to us we commit to:

  • Not institute a civil legal action against you and not support a criminal investigation;
  • Work with you to understand and resolve the issue quickly (confirming the report within 72 hours of submission);
  • Recognize your contribution on our Security Researcher Hall of Fame, if you are the first to report the issue and we make a code or configuration change based on the issue.

Thank you for participating, it is your work that will help to keep us secure.

Additional info

We can provide free subscriptions to pentesters, please request it directly from the contact form on our website.

Targets

In scope

  • *.nolimitvpn.com

Please register for free trial at: https://nolimitvpn.com/en/auth/sign-up

  • When completing the signup form you must use the following format in the name field
  • First Name = Researcher Handle, Last Name = Bugcrowd
  • Example = GoodGuyResearcher Bugcrowd

Out of scope

Any services hosted by 3rd party providers and services are excluded from scope. These services include:

  • http://cloudflare.com
  • http://mandrillapp.com
  • http://maxmind.com
  • http://stripe.com
  • http://recaptcha.com
  • http://zopim.com

In the interest of the safety of our users, staff, the Internet at large and you as the security researcher, the following test types are excluded from scope and not eligible for a reward:

  • Findings from physical testing such as office access (e.g. open doors, tailgating)
  • Findings derived primarily from social engineering (e.g. phishing, vishing)
  • Findings from applications or systems not listed in the ‘Targets’ section
  • Functional, UI and UX bugs and spelling mistakes
  • Network level Denial of Service (DoS/DDoS) vulnerabilities

Things we do not want to see:

  • Personally identifiable information of users (PII) that you may have found during your research

Rules

This bounty follows Bugcrowd’s standard disclosure terms.