Choose a language:

Responsible Disclosure Program

Secure Safe

Help us improve Queue-it

No technology is perfect, and Queue-it believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue, please notify us at security@queue-it.com. If your vulnerability report affects a product or service of Queue-it, you will receive a bounty for bringing the issue to our attention.

In addition, if you are interested in participating our Private Bug bounty program as a security researcher, please contact us. 

Out of scope issues: 

Queue-it retains sole discretion in determining which submissions are qualified for a reward. The following issues are considered out of scope for this program:

 

  • General low severity issues reported by automated scanners 
  • Exploits involving specific tenant's/customer's customized waiting pages: The management portal allows JS/HTML customization of queue pages by design 
  • Attacks requiring MITM or physical access to a user's device 
  • Brute force attacks 
  • CSRF vulnerabilities on unauthenticated forms or forms with no security impact 
  • Social engineering or phishing attacks targeting users or staff 
  • Software version disclosure / Banner identification issues 

Reporting Vulnerabilities

email: security@queue-it.com

Please include

  1. The description of the security vulnerability
  2. Affected hosts/endpoints
  3. Steps to reproduce the issue
  4. Proofs (requests/responses, screenshots, etc)
"