Security

Security vulnerabilities with our systems are eligible for bounties. Please contact security@shadowinternet.ca for more information, or to submit a security issue.

Maximum bounty available: $5,000 CAD

Eligible systems

• Root/write access to core network devices: routers, switches, optical line terminal, etc.
• Reaching login page of core routers or switches
• Unauthorized access to customer data in CRM
• Access to WiFi controller software to view customer data/traffic or to modify configuration
• Root access to customer premise equipment (wifi routers, outside antennas, optical network terminal)
• Access to Network Management software to view or modify data
• Logged in shell access to servers on the domains shadowinternet.ca, shadowinter.net
• Webpages that disclose private customer data
• Access to internet without an active service

Ineligible systems/methods

• Denial of Service attacks
• Reaching login pages of: CRM, WiFi controllers, Customer Premise Equipment (wifi routers, outside antennas, optical network terminal), or other software
• CSRF attacks
• Referrer header
• WAF bypass
• Web page bugs that don't allow access to customer data or internal systems