TL;DR: Reach out to us through a GitHub Private Vulnerability Report.
Iceblink is a 2FA authentication app developed by Snowcone Labs. We take security extremely seriously in our products, and value the efforts of security researchers. If you have found a potential security issue, we encourage you to report it. This will improve the security of our users, and your contribution will be highlighted unless requested otherwise.

After a vulnerability is reported, we aim to provide a first response within 48 hours. Developing a fix will be prioritized. After discussing the patch with the reporter, we will create a release documenting the security issue. A GitHub security advisory will also be published.
- The latest version of Iceblink
- Publicly deployed instances of Iceblink in production
- Vulnerabilities in software other than Iceblink
- Missing best practices without a reasonable path to a vulnerability
- Client-side desync
- SSL/TLS best practices
- Email server best practices
- Verbose error messages
- Leakage of source code
- Self-XSS
- Phishing
- Social engineering
- Unauthenticated / low impact CSRF