[TPSA21-37] Securing Tencent Online Video: Earn up to 4X the bounties!


Great news! We are launching a bounty promotion specially for Tencent Online Video assets, where you can earn up to 4X the usual bounty amounts!!

Promotion Duration: Starting from August 9th (02:00 UTC) to August 20th (09:00 UTC)

1. Promotion Bounties

Critical Severity Vulnerabilities: 4X bounty multiplier
High Severity Vulnerabilities: 2X bounty multiplier

The standard Tencent bounty structure can be found here and bounty multipliers will be calculated based on the standard amounts offered: https://en.security.tencent.com/index.php/policy

2. Assets In-Scope

1) Tencent Video assets:

2) Tencent Weishi Video assets:

3. Testing Guidance and Promotion Notes

Accessing the assets:
1) Download WeTV, the international version of Tencent Video, on the Apple App Store or Google Play Store.

2) Download Tencent Video here: https://v.qq.com/biu/download

Please note that Tencent Video Android Extreme Edition and iPhone Extreme Edition are not included in the promotion scope.

3) Download weishi here: https://weishi.qq.com/

Important Notes

1) Submission of reports: Please include the title “Securing Tencent Online Video” in the subject of your vulnerability report during submissions

2) Please note that all Client-side vulnerabilities surfaced will need to be reproduced using the application’s latest version based on the provided links/app stores.

3) However, server-side vulnerabilities are not required to be reproduced in the latest version of the applications.

Please note that the usual policy rules and assessment guidelines will apply for this promotion. Kindly ensure that you review the Tencent Policy Page to familiarise yourself.

Submit Report
You are to submit your reports to TSRC directly via https://en.security.tencent.com/index.php/report/add

Good luck and we look forward to working with you to enhance our security!

We look forward to receiving your reports and working with you to enhance our security! All the best!