Crack 1Password’s Vault to Win up to $100,000

AgileBits, the developers of the 1Password app for iOS and Mac, have quadrupled the maximum possible reward in their bug bounty program from $25,000 to $100,000 (via TNW). To earn the full reward, researchers must demonstrate an ability to crack the secure vault technology used by 1Password to store credentials.


AgileBits has created a special researcher vault containing some bad poetry, which is what researchers are to target. To assist further, 1Password provides supplemental documentation describing real recent issues, to give direction as to where more issues may be present.

Reward Guidelines

Only capturing the unencrypted “bad poetry” flag is eligible for the $100k reward. See below for more details. All other findings will be prioritized as per the Bugcrowd Vulnerability Rating Taxonomy.

Priority – Reward Amount (*up to)

  • P1 – $5,000
  • P2 – $1,000
  • P3 – $200
  • P4 – $100

1Password will also accept flaw-hypothesis submissions, without penalty, and will work with you to develop a reasonable hypothesis into a working exploit, should one be possible.

Users can opt in by emailing julie@agilebits.com with their Bugcrowd username, after which they’ll be provisioned account access to the vault where 1Password provides supplemental information for testing against the application, including documentation on real issues that were recently found, and more.


“Technology runs through my veins...” | Follow me: @DrUsmanQ usman@iPhoneinCanada.ca
