Program Removed
This program is no longer available on YesWeHack. The scope data shown below is historical and may not reflect the final state of the program.
franceconnect-proconnect-public
In Scope: 9
Out of Scope: 7
In-Scope Assets (9)
| Asset | Category | Bounty |
|---|---|---|
| eidas bridge | OTHER | Yes |
| eidas bridge | URL | Yes |
| franceconnect | OTHER | Yes |
| franceconnect | URL | Yes |
| franceconnect+ | OTHER | Yes |
| franceconnect+ | URL | Yes |
| specific scenarios (see program description) | OTHER | Yes |
| user dashboard | URL | Yes |
| user dashboard | OTHER | Yes |
Out-of-Scope Assets (7)
| Asset | Category | Bounty |
|---|---|---|
| all partners and all mocks are out of scope (but you can use the deployed mocks at your discretion to attack the scope) | OTHER | Yes |
| docker.dev-franceconnect | WILDCARD | Yes |
| gouv.fr | WILDCARD | Yes |
| https://fcp.integ01.dev-franceconnect.fr | URL | Yes |
| https://fcp.integ01.dev-franceconnect.fr | OTHER | No |
| the production environment (*.gouv.fr) is out of scope | OTHER | No |
| the local stack (*.docker.dev-franceconnect) is a powerful tool for you to understand the internals processes but is out of scope (the exploit should as well work in the scope to qualify) | OTHER | No |
Scope Changes (32)
Mar 30, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Program Removed | — | — | — | 09:21 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | franceconnect (see program description for github link) | OTHER | In Scope | 19:08 |
| Added | all partners and all mocks are out of scope (but you can use the deployed mocks at your discretion to attack the scope) | OTHER | Out of Scope | 19:08 |
| Added | the local stack (*.docker.dev-franceconnect) is a powerful tool for you to understand the internals processes but is out of scope (the exploit should as well work in the scope to qualify) | WILDCARD | Out of Scope | 19:08 |
| Added | the production environment (*.gouv.fr) is out of scope | WILDCARD | Out of Scope | 19:08 |
| Added | franceconnect+ (see program description for github link) | OTHER | In Scope | 19:08 |
| Added | eidas bridge (see program description for github link) | OTHER | In Scope | 19:08 |
| Added | user dashboard (see program description for github link) | OTHER | In Scope | 19:08 |
| Added | https://fcp.integ01.dev-franceconnect.fr | URL | Out of Scope | 19:08 |
| Added | specific scenarios (see program description) | OTHER | In Scope | 19:08 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | the production environment (*.gouv.fr) is out of scope | WILDCARD | Out of Scope | 00:51 |
| Added | https://fcp.integ01.dev-franceconnect.fr | URL | Out of Scope | 00:51 |
| Added | franceconnect+ (see program description for github link) | URL | In Scope | 00:51 |
| Added | franceconnect (see program description for github link) | URL | In Scope | 00:51 |
| Added | all partners and all mocks are out of scope (but you can use the deployed mocks at your discretion to attack the scope) | OTHER | Out of Scope | 00:51 |
| Added | specific scenarios (see program description) | OTHER | In Scope | 00:51 |
| Added | eidas bridge (see program description for github link) | URL | In Scope | 00:51 |
| Added | user dashboard (see program description for github link) | URL | In Scope | 00:51 |
| Added | the local stack (*.docker.dev-franceconnect) is a powerful tool for you to understand the internals processes but is out of scope (the exploit should as well work in the scope to qualify) | WILDCARD | Out of Scope | 00:51 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | specific scenarios (see program description) | OTHER | In Scope | 21:40 |
| Removed | franceconnect+ (see program description for github link) | URL | In Scope | 21:40 |
| Removed | franceconnect (see program description for github link) | URL | In Scope | 21:40 |
| Removed | eidas bridge (see program description for github link) | URL | In Scope | 21:40 |
| Removed | user dashboard (see program description for github link) | URL | In Scope | 21:40 |
| Removed | all partners and all mocks are out of scope (but you can use the deployed mocks at your discretion to attack the scope) | OTHER | Out of Scope | 21:40 |
| Removed | the local stack (*.docker.dev-franceconnect) is a powerful tool for you to understand the internals processes but is out of scope (the exploit should as well work in the scope to qualify) | OTHER | Out of Scope | 21:40 |
| Removed | the production environment (*.gouv.fr) is out of scope | OTHER | Out of Scope | 21:40 |
| Removed | https://fcp.integ01.dev-franceconnect.fr | OTHER | Out of Scope | 21:40 |
| Added | the local stack (*.docker.dev-franceconnect) is a powerful tool for you to understand the internals processes but is out of scope (the exploit should as well work in the scope to qualify) | OTHER | Out of Scope | 00:33 |
| Added | the production environment (*.gouv.fr) is out of scope | OTHER | Out of Scope | 00:33 |
| Added | https://fcp.integ01.dev-franceconnect.fr | OTHER | Out of Scope | 00:33 |
| Added | all partners and all mocks are out of scope (but you can use the deployed mocks at your discretion to attack the scope) | OTHER | Out of Scope | 00:33 |