Keeper is the leading password management and secure messaging platform for consumers and businesses.
Established in 1994, Keeper Security has over 25 years of experience in the fire and security industry and is recognised as one of the leading safety companies in the market. We specialise in Fire Alarms, CCTV, Burglar Alarms, Access Control, Intercom and Fire Suppression. Keeper Security Website (US) Operational 90 days ago 99.99% uptime Today. Keeper Web Vault? Operational 90 days ago 99.99% uptime Today. Keeper Security Website (EU) Operational 90 days ago 100.0% uptime Today. Keeper Web Vault (EU) Operational 90 days ago 99.98.
About Keeper Security Keeper is the leading password manager and digital vault. It helps millions of people and thousands of businesses substantially mitigate the. Keeper Security is transforming the way businesses and individuals protect their passwords and sensitive digital assets to significantly reduce cyber theft. Keeper is SOC 2 Certified, ISO 27001 Certified and utilizes best-in-class encryption to safeguard its customers. Keeper Security is committed to the industry best practice of responsible. Keeper is the world's #1 most downloaded password keeper and secure digital vault for protecting and managing your passwords and other secret information. Millions of people use Keeper to protect their most sensitive and private info.
- $150 – $4,500per vulnerability
- Partial safe harbor
- Managed by Bugcrowd
Keeper Security is transforming the way businesses and individuals protect their passwords and sensitive digital assets to significantly reduce cyber theft. Keeper is SOC 2 Certified, ISO 27001 Certified and utilizes best-in-class encryption to safeguard its customers. Keeper Security is committed to the industry best practice of responsible disclosure of potential security issues.
Guidelines:
This Vulnerability Disclosure Policy sets out expectations when working with good-faith hackers,
as well as what you can expect from us.
If security testing and reporting are done within the guidelines of this policy, we:
- Consider it to be authorized in accordance with Computer Fraud and Abuse Act,
- Consider it exempt from DMCA, and will not bring a claim against you for bypassing anysecurity or technology controls,
- Consider it legal, and will not pursue or support any legal action related to this programagainst you,
- Will work with you to understand and resolve the issue quickly, and
- Will recognize your contributions publicly if you are the first to report the issue and we make acode or configuration change based on the issue.If at any time you are concerned or uncertain about testing in a way that is consistent withthe Guidelines and Scope of this policy, please contact us before proceeding.To encourage good-faith security testing and disclosure of discovered vulnerabilities, we askthat you:
- Avoid violating privacy, harming user experience, disrupting production or corporate systems,and/or destroying data,
- Perform research only within the scope set out below, and respect systems and activitieswhich are out-of-scope,
- Contact us immediately if you encounter any user data during testing,
- Use the identified communication channels to report vulnerability information to us and,
- Keep information about any vulnerabilities you’ve discovered confidential until we’ve resolvedthem.
Ratings/Rewards:
For the initial prioritization/rating of findings, this program will use the Bugcrowd
Vulnerability Rating Taxonomy.
However, it is important to note that in some cases a vulnerability priority will be modified due
to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed
explanation will be provided to the researcher - along with the opportunity to appeal, and make
a case for a higher priority.
Note: To unwrap and display Vault <> Server communication, open the developer tools and type:
enableNetworkLog()
This will allow you to see the request/response to the server in JSON
On the Admin Console, the command to log additional request/response is:
api.shouldLog=true
Keeper Security Login
VRT Changes:
- Any submissions stemming from throttling or spam testing will be rated as a P4.
Keeper Security Phone Number
Any domain/property of Keeper Security not listed in the targets section is out of scope. This
includes any/all subdomains not listed above.
Scope and rewards
Program rules
This program follows Bugcrowd’sstandard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja emailproblems), please email support@bugcrowd.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards forP5— Informational findings.Learn more about Bugcrowd’s VRT.
This bounty requires explicit permission to disclose the results of a submission.
Special Offer: Get Free Family Plans for All of Your Employees
Get StartedProtect your organization with the leading cybersecurity platform for preventing password-related data breaches and cyberthreats.
The market-leading solution for your business
Keeper manages your passwords to prevent data breaches, improve employee productivity, cut helpdesk costs and meet compliance standards.
Best-in-Class Security
Keeper uses a proprietary zero-knowledge security architecture and is the most audited and certified product on the market. Keeper protects your business and client data with the privacy, security and confidentiality requirements of your industry.
Ease of Use
Keeper has an intuitive user interface for computers, smartphones and tablets that can be deployed rapidly with no upfront equipment or installation costs.
Ultimate Flexibility
Keeper’s configurable roles, role-based permissions and admin privileges align with your organizational structure and policies. Keeper scales for businesses of all sizes.
Responsive Support
Business customers have access to 24/7 customer support and exclusive training from dedicated support specialists.
Trusted by millions of people and thousands of businesses
Get Started Today
Protect vulnerable entry points to your business by improving password behavior and security.
Are you a personal user? Create an AccountInstall the App