Carbon blue background

TeamViewer Bug Bounty program

Earn rewards of up to €10,000 for identifying critical security vulnerabilities in our products.

About the Bug Bounty program

TeamViewer connects millions of people and machines around the world every day. The security of our software is an integral part of our corporate culture and our value proposition. With the Bug Bounty program, we want to motivate security researchers and ethical hackers around the world to check our products for security.

Information security at TeamViewer

We make no compromises when it comes to the security of our application. We follow a security-by-design approach and regularly check the security of our software and infrastructure through code reviews, internal and external penetration tests, and automated measures. Despite all our efforts, 100% security of IT systems can never be guaranteed. We strive to offer the greatest possible security and are committed to pursuing this with transparency and dedication.

With our Bug Bounty Program, we open ourselves up to a wide circle of security experts (crowdsourced penetration testing) in order to offer our customers and users the best possible protection against data loss and cyber attacks.

Rewards

TeamViewer pays rewards of up to €10,000 for a critical security vulnerability (according to CVSS). Further details are explained in the program description. In addition, we have a public Hall of Fame for the best contributions.

Scope

The Bug Bounty program currently includes the following products and services:

  • TeamViewer Remote (Desktop/Mobile/Web)

 

Backend services that interact directly with the client applications are also included in the Bug Bounty Program. Further details on the scope and exceptions are listed in the program description.

Rules

Any kind of denial-of-service attacks are strictly prohibited, as well as interventions in the network and company infrastructure of TeamViewer. Further details can be found in the program description.

How to get started

  • Start

    Read the description and rules of the Bug Bounty program carefully.

  • Registration

    Sign up for YesWeHack.

  • Report

    Create a vulnerability report. Add as much information as possible.

  • Review

    Wait for an answer. An initial response is usually sent within 1-2 working days. We will start the review immediately and get back to you afterwards.

  • Reward

    If your report is accepted, you will receive an automatic payment of your bounty.

Frequently asked questions

TeamViewer is a CVE Numbering Authority (CNA) and strictly follows the CVE rules for publishing vulnerabilities.

Our security experts review the report and determine the score in accordance with the CVSS 3 evaluation scheme.

A report can be rejected for any number of reasons:
  • The report describes a vulnerability outside the scope of the bug bounty program
  • The report was rated with CVSS 0.0 (Informative)
  • The report violates the rules of the program
  • The reported vulnerability is already known to TeamViewer

Visit our VDP page for reporting vulnerabilities outside the Bug Bounty Program. Please note that no monetary rewards are paid there.

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program (VDP).