Vulnerability disclosure program

LiveAgent aims to keep its service safe for everyone, and data security is of utmost importance. Our Vulnerability Disclosure Program is intended to minimize the impact any security flaws have on our tools or their users. LiveAgent’s Vulnerability Disclosure Program covers software partially or primarily written by Quality Unit.

If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help in disclosing it to us privately and giving us an opportunity to fix it before publishing technical details.

LiveAgent will engage with security researchers when vulnerabilities are reported to us as described here. We will validate, respond, and fix vulnerabilities in support of our commitment to security and privacy. We won’t take legal action against, suspend, or terminate access to the Service of those who discover and report security vulnerabilities responsibly. LiveAgent reserves all of its legal rights in the event of any noncompliance.

Reporting

Share the details of any suspected vulnerabilities with the LiveAgent Development Team at support@liveagent.com. Please do not publicly disclose these details outside of this process without explicit permission. In reporting any suspected vulnerabilities, please include as much information as possible. If you want to submit multiple reports at once, please submit only one report (the most important if possible) and wait for a response.

Compensation

We are pleased to offer a bounty for vulnerability information that helps us protect our customers as a thanks to the security researchers who choose to participate in our bug bounty program. The regular bounty reward is $100 per vulnerability submitted and verified by our development team.

We will only reward the first reporter of a vulnerability. Duplicate reports will not be rewarded.

Scope

You may only test against a LiveAgent Account for which you are the Account Owner or an Agent authorized by the Account Owner to conduct such testing. For example:

  • *yourdomain*.ladesk.com

We will reward you for the following types of vulnerabilities:

  • Remote Command Execution (RCE)
  • SQL Injection
  • Broken Authentication
  • Broken Session Management
  • Access Control Bypass
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Open URL Redirection
  • Directory Traversal

Reports of when an attacker can only threaten his own account with Admin role only will not be rewarded with a bounty. XSS caused by an Admin will not be rewarded with a bounty.

In order to qualify, the vulnerability must exist in the latest public release (including officially released public betas) of the software. Only security vulnerabilities will qualify. We would love it if people reported other bugs via the appropriate channels, but since the purpose of this program is to fix security vulnerabilities, only bugs that lead to security vulnerabilities will be eligible for rewards. Other bugs will be accepted at our discretion.

Guidelines

Please adhere to the following guidelines in order to be eligible for rewards under this disclosure program:

  • Do not permanently modify or delete LiveAgent hosted data.
  • Do not intentionally access non-public LiveAgent data any more than is necessary to demonstrate the vulnerability.
  • Do not DDoS or otherwise disrupt, interrupt or degrade our internal or external services.
  • Do not share confidential information obtained from LiveAgent, including but not limited to member or donor payment information, with any third party.
  • Social engineering is out of scope. Do not send phishing emails to, or use other social engineering techniques against, anyone, including QualityUnit staff, members, vendors, or partners.

In addition, please allow us at least 90 days to fix the vulnerability before publicly discussing or blogging about it. Our team believes that security researchers have right to report their research and that disclosure is highly beneficial, and understands that it is a highly subjective question of when and how to hold back details to mitigate the risk that vulnerability information will be misused. If you believe that earlier disclosure is necessary, please let us know so that we can begin a conversation.

Change log

We publicly inform about all fixed security issues through our change log. Issues related to security are marked by tag [Security].

Related Articles
Great customer service starts with better Help Desk Software. See the benefits of LiveAgent and get started with it in 5 minutes.

Provide excellent customer service.

LiveAgent offers a comprehensive customer care solution with features like live chat, call center, ticketing system, social media support, and knowledge base. It provides excellent customer service and helps increase revenue.

Your data is always backed up with LiveAgent. We have multiple data centers around the world, so you don't have to worry about losing important information.

Multiple data centers

LiveAgent is a versatile help desk solution that can be used in various industries. It offers benefits such as no setup fee and 24/7 customer service. With it, businesses can improve their customer experience, reduce response times, and decrease ticket volume. It is adaptable to the needs of different industries, with use cases and testimonials available. Businesses can try a free trial for 7 or 30 days, and no credit card is required. Additionally, LiveAgent is a helpful tool for businesses seeking assistance with their customer support needs.

Based on conditions you can execute multiple tasks either directly in LiveAgent by executing rules or in third party applications through API.

Target

LiveAgent is a customer service software that improves efficiency and communication in customer support. It offers personalized experiences and various features like unified inbox and customization options. LiveAgent aims to streamline customer inquiries and increase efficiency in managing them.

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website.

HTTPS encryption

LiveAgent is a reliable customer support software with a high rating. It offers customization options and integrations with hundreds of tools through API. LiveAgent also has an iOS app and an automated callback feature to increase customer satisfaction. Pricing starts at $9/month/agent and a free trial is available. A demo can be scheduled on multiple dates. Contact forms and chats are available, with cookies needed. Installation progress is shown with a loading bar.

Our website uses cookies. By continuing we assume your permission to deploy cookies as detailed in our privacy and cookies policy.