onfido

YesWeHackView on YesWeHack

RawAI Enhanced

13

In Scope

7

Out of Scope

In-Scope Assets (13)

Asset	Category	Bounty	Quick Links
*.identity.entrust.com	WILDCARD	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
*.onfido.com	WILDCARD	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
*.onfido.partners	WILDCARD	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://api.eu-west-1.pre-prod.onfido.xyz/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://dashboard-api.eu-west-1.pre-prod.onfido.xyz	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://dashboard.eu-west-1.pre-prod.onfido.xyz	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://dashboard.eu-west-1.pre-prod.onfido.xyz/users/sign_up?email=	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://github.com/EntrustCorporation/IdvSDK-Android/	OTHER	Yes	-
https://github.com/EntrustCorporation/IdvSDK-ReactNative	OTHER	Yes	-
https://github.com/EntrustCorporation/IdvSDK-iOS	OTHER	Yes	-
https://id.eu-west-1.pre-prod.onfido.xyz	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://onfido-pre-prod.app	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://superset.eu-west-1.pre-prod.onfido.xyz/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa

Out-of-Scope Assets (7)

Asset	Category	Bounty
"Flag an Issue" is the function to send ticket to our ticketing system. Please do not create new tickets when testing and consider it out of scope.	OTHER	Yes
"Leave us some feedback" is a button to send feedback about analytics to a 3rd party integration. Please consider it as out of scope.	OTHER	Yes
Any Third Parties or Software we don't own	OTHER	Yes
Any asset not explicitly in scope	OTHER	Yes
In this staging environment we enabled a feature that allows all checks to be completed and get a result (eg. passed or consider). This outcome, however, is to be considered out of scope as the checking process is not actually entirely performed, but only serves to mark a check as complete and allow researchers to use functions that are only available when a check is in this status (such as generate a report).	OTHER	Yes
Known issues detailed below	OTHER	Yes
Only `.identity.entrust.com` is within the scope of this program so please note that assets under the broader `.entrust` domain are out of scope	OTHER	Yes