CARS24 is a next-generation eCommerce platform for pre-owned cars. We provide the best in class experience for car buyers by offering a wide assortment of certified cars that are home delivered with a click of a button while sellers get the best price of their vehicles in less than an hour.
At CARS24, we prioritise the security and privacy of our customers, especially when it comes to handling customer data. We are dedicated to providing a secure environment for our customers and appreciate the invaluable role that security researchers and experts play in identifying and addressing potential vulnerabilities.
🔥 Hall of Fame 🔥
Researchers that were provided with the title
Ben H
Chirag Saini
Shivam Shrivastav
Eligibility for participation
You are responsible for complying with any applicable laws. You are not eligible to participate in this program if you are currently an employee of CARS24 or any of its subsidiaries.
Reports from former employees, the immediate family of current employees, or other associates of CARS24 that may present a conflict of interest in the program's goals will be more thoroughly reviewed. They may not qualify for the stated bounty awards at CARS24’s discretion.
Vulnerability Disclosure Policy
To protect our customers, we need to make sure that any reporting is done responsibly, so we reserve the right to take any actions, including legal action, if the guidelines below are not followed:
- By submitting a vulnerability report, you agree not to disclose the details to any third party without CARS24’s written consent
- Please ensure that the privacy and safety of our customers are not compromised
- Refrain from disrupting or degrading our services
- Do not engage in any fraudulent activities
- Provide sufficient detail for us to reproduce and validate the vulnerability, including the specific targets, steps taken, tools used, and any relevant artifacts
- Allow a reasonable timeframe for CARS24 to address the vulnerability before seeking updates or taking further action
Upon submission of your finding, you agree to the terms & conditions and are liable under the NDA.
In-Scope
The program covers a range of CARS24 platforms, including our website, mobile applications, backend services and APIs.
- CARS24 Web Applications (*.cars24.com)
- CARS24 mobile applications (iOS and Android)
- CARS24 related backend services and APIs
Out-of-Scope
- Previously reported vulnerabilities
- Accessible non-sensitive files (e.g., README.TXT, robots.txt) and missing HTTP security headers
- Phishing attacks, email spoofing (e.g., lack of SPF, DKIM), and related social engineering risks
- Self-XSS, text injection, and clickjacking vulnerabilities with minor CSRF issues
- Insecure error handling (e.g., stack traces, path disclosure), lack of security headers and lack of Secure/HTTPOnly cookie flags
- TLS/SSL weaknesses (e.g., weak ciphers, expired certificates) and outdated software
- Distributed Denial of Service (DDoS) attacks and third-party service vulnerabilities outside CARS24’s control
Reporting Vulnerabilities
If you discover a potential vulnerability, please submit a detailed report via email to cyber-security@cars24.com along with the following information:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Impact assessment (e.g., potential data exposure or system compromise)
- Any relevant screenshots/video or code snippets
SLA
CARS24 will make the best effort to meet the following SLAs for hackers & researchers participating in our program:
- Time to first response (from report submission) - 7 business days
- Time to triage (from the first response) - 7 business days
- Time to closure (from triage) - between 10 and 15 business days
Bounty Structure
| CVSS Score | Rating | Rewards |
| --- | --- | --- |
| 9.0 - 10.0 | P1 - Critical | Hall of Fame & Email of recommendation |
| 7.0 - 8.9 | P2 - High | Hall of Fame |
| 4.0 - 6.9 | P3 - Medium | Hall of Fame |
| 0.1 - 3.9 | P4 - Low | Acknowledgement |
Legal Safe Harbor
CARS24 supports ethical research and will not take legal action against researchers who comply with the program’s rules. We will not pursue any claims against you for vulnerabilities reported in good faith under this program.
Conclusion
We value the contributions of the cybersecurity community in enhancing the security of CARS24. Your efforts are crucial in helping us protect our customers’ information and ensure a secure environment for all users. Thank you for your commitment to making CARS24 a safer place!
Reach out to us at cyber-security@cars24.com
Happy hacking :)