Targets

URLs

• https://vaults.lmnl.app
• https://api.lmnl.app
• https://prod-keys.lmnl.app

Reporting Format

• Send your report to [email protected]
• A detailed explanation of the issue, the potential impact of the vulnerability, and browser details used to perform the attack.
• Mandatory fields
  • Subject: subject should state vulnerability class
  • Prerequisites: List of tools/libraries/OS required to perform the attack
  • Steps to reproduce: a step-by-step guideline to reproduce the attack or a video recording while performing the attack.

Out of Scope

• Any targets besides the one mentioned in the target list.
• All third party applications used at Liminal
• The Liminal marketing website (www.lmnl.app)

Rules

• Please use your own account for testing or research purposes. Do not attempt to gain access to another user’s account or confidential information.
• Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
• When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
• Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.