Personal Capital

  • $150 – $4,000 per vulnerability
  • Safe harbor

Personal Capital -- No 'unresolved' findings

Hey Everyone,

Great news! Personal Capital has resolved all the findings to date from their program. This means that --- with the exception of a few known issues and exclusions, which are stated on the brief --- there is a very low likelihood you will submit a duplicate finding. Please review below, as well as the brief, to fully understand the known issues and exclusions.

Known Issues & Exclusions:

  • Session invalidation on Password Reset & Change
  • User enumeration from login page
  • Any denial of service type attacks (either network, resource exhaustion or anything else)
  • User and email enumeration
  • Disclosure of known public files and other information disclosures that are not a material risk (e.g., robots.txt)
  • Any attack or vulnerability that hinges on a user’s computer being first compromised

Thank you and happy hunting!
Steve @Bugcrowd