Personal Capital

  • $150 – $4,000 per vulnerability
  • Safe harbor

Personal Capital -- All previous issues resolved

Hey Team,

With the exception of the two known-issues, which are described on the brief and outlined below, Personal Capital has resolved all findings to date on this program. This means there is a very low likelihood of submitting a duplicate finding, and could be a good opportunity to find new issues.

They've also recently increased rewards on the program :-)

Happy Hunting,
Steve @Bugcrowd

Known Issues

The following are either known issues we don't want to fix or already known and pending.

  • Session invalidation on Password Reset & Change - We're aware of this, our auth system is a bit more complex so such things have lower impact. We may change this behavior later but this is a known thing.
  • User enumeration from login page - That's a design decision.