Keeper Security, Inc. does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.
Keeper sharing technology uses secure RSA encryption to exchange the individual record keys. Therefore, in order to share or transfer a record to another user, the recipient must first have a Keeper account. Attempting to share to a user without a Keeper account will invite them to the platform.
Keeper is the leading password management and secure messaging platform for consumers and businesses.
- $150 – $4,500 per vulnerability
- Partial safe harbor
- Managed by Bugcrowd
Keeper Security is transforming the way businesses and individuals protect their passwords and sensitive digital assets to significantly reduce cyber theft. Keeper is SOC 2 Certified, ISO 27001 Certified and utilizes best-in-class encryption to safeguard its customers. Keeper Security is committed to the industry best practice of responsible disclosure of potential security issues.
Guidelines:
This Vulnerability Disclosure Policy sets out expectations when working with good-faith hackers,
as well as what you can expect from us.
If security testing and reporting are done within the guidelines of this policy, we:
- Consider it to be authorized in accordance with the Computer Fraud and Abuse Act,
- Consider it exempt from DMCA, and will not bring a claim against you for bypassing any security or technology controls,
- Consider it legal, and will not pursue or support any legal action related to this program against you,
- Will work with you to understand and resolve the issue quickly, and
- Will recognize your contributions publicly if you are the first to report the issue and we make a code or configuration change based on the issue.
If at any time you are concerned or uncertain about testing in a way that is consistent with the Guidelines and Scope of this policy, please contact us before proceeding.
To encourage good-faith security testing and disclosure of discovered vulnerabilities, we ask that you:
- Avoid violating privacy, harming user experience, disrupting production or corporate systems, and/or destroying data,
- Perform research only within the scope set out below, and respect systems and activities which are out-of-scope,
- Contact us immediately if you encounter any user data during testing,
- Use the identified communication channels to report vulnerability information to us, and
- Keep information about any vulnerabilities you’ve discovered confidential until we’ve resolved them.
Ratings/Rewards:
For the initial prioritization/rating of findings, this program will use the Bugcrowd
Vulnerability Rating Taxonomy.
However, it is important to note that in some cases a vulnerability priority will be modified due
to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed
explanation will be provided to the researcher - along with the opportunity to appeal, and make
a case for a higher priority.
Note: To unwrap and display Vault <> Server communication, open the developer tools and type:
enableNetworkLog()
This will allow you to see the request/response to the server in JSON.
On the Admin Console, the command to log additional request/response is:
api.shouldLog=true
VRT Changes:
- Any submissions stemming from throttling or spam testing will be rated as a P4.
Any domain/property of Keeper Security not listed in the targets section is out of scope. This
includes any/all subdomains not listed above.
Program rules
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings.
This bounty requires explicit permission to disclose the results of a submission.
Developer(s) | Keeper Security Inc. |
---|---|
Initial release | January 2009 |
Operating system | Windows, macOS, Linux, Android, iOS[1] |
Type | Password manager |
License | Software as a Service (SaaS) |
Website | keepersecurity.com |
Keeper is a password manager application and digital vault created by Keeper Security that stores website passwords, financial information and other sensitive documents[2] using 256-bit AES encryption, zero-knowledge architecture[3] and two-factor authentication.[4]
In 2018, Keeper was named 'Best Password Manager' by PC Mag[5] and nominated Editors' Choice with an 'Excellent' rating.[6] Keeper was rated 'Best Security' by Tom's Guide.[7]
Features
Files and passwords in Keeper can be synced, backed up in the cloud and encrypted with a 256-bit AES key derived from the user's master password using PBKDF2.[8] Every record in the user's private vault is encrypted and stored with a unique encryption key.[9] Keeper also addresses the problem of password fatigue by autofilling login and password fields with stored information.[4] Sharing passwords between Keeper users is performed using 2048-bit RSA encryption.[10]
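The key hierarchy described in this paragraph (and the RSA exchange of record keys mentioned at the top of the page), sketched as an added example that is not Keeper's code. The cipher mode (AES-GCM), the PBKDF2 hash and iteration count, the RSA-OAEP padding, the direct wrapping of each record key under the password-derived key, and all function names are assumptions.

```javascript
// Added illustration, not Keeper's code. Modes, parameters and names are assumptions.
const crypto = require('crypto');

const PBKDF2_ITERATIONS = 100000; // assumed; the page gives no iteration count
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' }; // assumed

// Derive a 256-bit AES key from the master password with PBKDF2 (HMAC-SHA-256 assumed).
function deriveMasterKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// AES-256-GCM helpers (assumed mode). Output layout: iv (12) || tag (16) || ciphertext.
function aesEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

function aesDecrypt(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Each record gets its own random key; only that key is wrapped under the master key.
function createRecord(masterKey, plaintext) {
  const recordKey = crypto.randomBytes(32);
  return {
    data: aesEncrypt(recordKey, Buffer.from(plaintext, 'utf8')),
    wrappedKey: aesEncrypt(masterKey, recordKey),
  };
}

function openRecord(masterKey, record) {
  const recordKey = aesDecrypt(masterKey, record.wrappedKey);
  return aesDecrypt(recordKey, record.data).toString('utf8');
}

// Sharing re-wraps the record key to the recipient's RSA public key; record data is untouched.
function shareRecord(masterKey, record, recipientPublicKey) {
  const recordKey = aesDecrypt(masterKey, record.wrappedKey);
  return { data: record.data, wrappedKey: crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, recordKey) };
}

function openSharedRecord(recipientPrivateKey, shared) {
  const recordKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, shared.wrappedKey);
  return aesDecrypt(recordKey, shared.data).toString('utf8');
}
```

Because only the wrapped record key changes hands, the recipient needs an RSA key pair before a share can happen, which is consistent with the page's statement that the recipient must first have an account.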
A feature called 'Keeper DNA' provides multi-factor authentication using connected devices, such as a smartwatch, to verify a user's identity when logging into the vault.[11]
BreachWatch is a feature that monitors the dark web for stolen passwords and notifies the user within their vault.[12]
KeeperChat, a secure communications platform launched in March 2018, provides encrypted messaging, self-destructing messages, retraction and two-factor authentication.[13]
Keeper is a free service for storing passwords on a single device and has an optional annual subscription with cross-device syncing.[14]
Keeper comes pre-loaded on the Orange Dive 70 smartphone,[3] Samsung phones, América Móvil phones[15] and most AT&T Android phones.[16] As of January 2015, Keeper has more than 9 million registered users[17] and works with over 3,000 companies.[18] Keeper is available for download on Android, iOS, Windows, Mac, Windows Phone, Linux, Kindle, and Nook,[19] and available as a browser extension for IE, Chrome, Firefox, Safari and Opera.[9] Keeper is also available for Microsoft Edge.[20]
Keeper for Business and Enterprise Use
Keeper Enterprise is a multi-tenant password management and secure file storage platform for businesses. Features include file sharing, user provisioning, auditing, reporting, Active Directory integration[9] and delegated administration,[18] all of which are available within a centralized admin console.[9] In June 2019 Keeper launched BreachWatch for business customers, a service which searches the Dark Web for login credentials exposed through a public breach and prevents credential stuffing or account takeover attacks.[21]
History
Keeper Security was founded in 2009 by Darren Guccione and Craig Lurey while on a business trip to China.[22] As of May 15, 2019 the company has 145 employees in Chicago, Northern California and Cork, Ireland.[23] Their CMO is Scott Ablin.
Incidents
In December 2017, Keeper was bundled with Windows 10 by Microsoft. Google security researcher Tavis Ormandy disclosed that the software recommended installing a browser addon which contained a vulnerability allowing any website to steal any password.[24] A nearly identical vulnerability had previously been discovered and disclosed to Keeper in 2016.[25][26] Within 24 hours the company issued a patch.[27][28] Days later, the company that makes Keeper sued Ars Technica, claiming their article was defamatory and misleading.[29] The lawsuit was dismissed on March 30, 2018 and Ars Technica added further clarifications to the article.[30] Keeper launched a public vulnerability disclosure program with Bugcrowd following the lawsuit.[31]
References
1. Keeper. 'Download Password Manager for Mac, PC, Linux & More - Keeper'. Retrieved 8 February 2018.
2. Dallke, Jim (December 5, 2014). '15 Chicago Startups to Watch in 2015'. ChicagoInno. Retrieved February 1, 2015.
3. Seals, Tara. 'Orange Embeds Password Manager'. Retrieved 2015-09-28.
4. Parker, Jason (April 18, 2014). 'Take control of password chaos with these six password managers'. CNET. Retrieved February 1, 2015.
5. PCMag Staff (November 20, 2018). 'The Best Tech Products of 2018'. PCMAG. Retrieved 2019-07-02.
6. Rubenking, Neil J. (December 6, 2017). 'Keeper Password Manager & Digital Vault'. PCMAG. Retrieved 2019-07-02.
7. Wagenseil, Paul. 'Best Password Managers 2019'. Tom's Guide. Retrieved 2019-07-03.
8. Rubenking, Neil (August 15, 2014). 'Keeper Password Manager & Digital Vault 8 Review & Rating'. PC Mag. Retrieved February 1, 2015.
9. '10 Password Managers For Business Use'. Retrieved 2015-09-29.
10. 'Keeper Password Manager Review'. Security Baron. 2018-01-26. Retrieved 2019-07-03.
11. 'New products of the week 10.26.2015'. Network World. Retrieved 2015-11-18.
12. Krol, Jacob (2019-03-30). 'This password manager puts security and ease of use at the forefront'. CNN Underscored. Retrieved 2019-07-03.
13. 'Keeper Launches Secure Chat Platform'. Mobile ID World. 2018-03-14. Retrieved 2019-07-03.
14. '10 Best Mobile Password Managers'. Retrieved 2015-09-29.
15. 'Password-security startup lands Samsung, two big carriers'. Crain's Chicago Business. Retrieved 2015-11-18.
16. Rubenking, Neil (August 15, 2014). 'Keeper Password Manager & Digital Vault 8 Review & Rating'. PC Mag. Retrieved February 1, 2015.
17. 'Keeper Security Sees Growth as America Movil Signs Up'. www.morningstar.com. 2016-01-12. Retrieved 2016-02-04.
18. Kuranda, Sarah. 'Keeper Security Launches Channel Program, New Enterprise Mobile Security Platform'. CRN. Retrieved 2015-09-29.
19. Rubenking, Neil (August 22, 2014). 'The Best Password Managers'. PC Mag. Retrieved February 1, 2015.
20. Sunita (2017-05-31). 'How to Install and Use Keeper Password Manager in Microsoft Edge'. Howtoconnect - How-to, Tips on Windows 10 | 8, Android, IOS, Banking. Retrieved 2019-07-03.
21. Murphy, Ian (2019-06-25). 'Keeper searches Dark Web for password breaches'. Enterprise Times. Retrieved 2019-07-02.
22. 'Can this app protect you from being hacked?'. Crain's Chicago Business. 2015-01-15. Retrieved 2019-07-02.
23. 'Password-security company boosting space, tripling local staff'. Crain's Chicago Business. 2019-05-15. Retrieved 2019-07-02.
24. 'Windows 10 included password manager with huge security hole'. Engadget. Retrieved 2017-12-20.
25. 'For 8 days Windows bundled a password manager with a critical plugin flaw'. Ars Technica. Retrieved 2017-12-20.
26. Chirgwin, Richard (18 December 2017). 'Windows 10 bundles a briefly vulnerable password manager'. The Register. Retrieved 2017-12-20.
27. Kovacs, Eduard (18 December 2017). 'Google Researcher Finds Critical Flaw in Keeper Password Manager'. Security Week.
28. Security, Keeper (2017-12-15). 'Update for Keeper Browser Extension 11.4.4 - Keeper Blog'. Keeper Blog. Retrieved 2017-12-22.
29. Whittaker, Zack. 'Security firm Keeper sues news reporter over vulnerability story'. ZDNet. Retrieved 2017-12-20.
30. 'Press releases | Ars Technica'. arstechnica.com. Retrieved 2019-07-02.
31. 'Keeper Security forms vulnerability disclosure program with Bugcrowd'. SearchSecurity. Retrieved 2019-07-02.