tech support: support@athento.com
icon-phone + 34 932 20 23 14
icon-search Enter a Keyword
icon-login Login

Bug Bounty Program

No technology is perfect, and Athento believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you’ve found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we’ll make every effort to quickly resolve the issue. 
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. 
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Exclusions 

While researching, we’d like to ask you to refrain from:

  • Denial of service
  • Spamming 
  • Social engineering (including phishing) of Athento staff or contractors 
  • Any physical attempts against Athento property or data centers

Rewards

  • 250€ High-security issues that can cause a direct attack (CSRF, XSS, injections, etc.) 
  • 500€ Critical security issues (remote server access, direct data access, etc.)

Other

  •  Analysis should be done preferably on app4.athento.com
  • If you find a bug, the same bug should not be reported again (e.g. in a different form of the application) until we announce the fix.
  •  Vulnerability details with a proposed solution should be sent to support@athento.com

Thank you for helping keep Athento and our users safe!

Previously reported bugs

These are the bugs that others have reported previously:

  1. Password guessing authentication vulnerability (Brute Force). Fixed.
  2. Stored XSS in several forms. Fixed.
Time to try AthentoEnjoy Athento for free during one month

Do you want document management engaged users? Give them a fresh user interface, help them work less and still use a robust and powerful solution.

Try Athento