Very serious error !!!

HaikaissHaikaiss Member
in Bug Reports
there is an error in the link to modify the account password that if you change the email in the link in the end you simply mock and send the password to another email not intentionally addressed.

in the images shown below we can see that when we change the email at the end of the link it is sent to another recipient causing an account theft.

Comments

  • Cafe De TernoCafe De Terno Member
    I helped him found it ..... good luck trying fix it @SirKewberth @CosmicCow

    It is too serious ...
  • HaikaissHaikaiss Member
    lucaaa795 said:

    Not that much of a problem...?
    The code that is made of digits and letters is the main key to identify which account gets the password resetted..
    To guess that code for a specific personal you'd need luck and actually skills if it is even possible.
    The new password gets sent to another email because the owner of the account replaced the email with another email and not some random guy.It's his responsability if he starts to mess with the given link.
    Simply enough, don't change the email adress (why would you even mess with the link you get lol) and everything runs fine..

    if you are not worried try telling me the password exchange link of your account :)
    You and I will have the password exchange code.
  • HaikaissHaikaiss Member
    lucaaa795 said:

    O tal do pretinho. said:

    lucaaa795 said:

    Not that much of a problem...?
    The code that is made of digits and letters is the main key to identify which account gets the password resetted..
    To guess that code for a specific personal you'd need luck and actually skills if it is even possible.
    The new password gets sent to another email because the owner of the account replaced the email with another email and not some random guy.It's his responsability if he starts to mess with the given link.
    Simply enough, don't change the email adress (why would you even mess with the link you get lol) and everything runs fine..

    if you are not worried try telling me the password exchange link of your account :)
    You and I will have the password exchange code.
    Yeah no nobody would give the link away lol.
    Just keep the code for yourself and all this problem gets solved instantly..
    Also i think it falls under the category of tempering with files..Or links whatever it is in this case which means that this cannot be solved that easy and that this is not a bug, but more likely a link design flaw if it is that even.
    Did you know that most people who are robbed are naive?
    there are many age groups of ages who play this game many easily induced children
  • gdog gdog Retired Moderator
    edited January 2018
    The chances of this happening are close to zero.
    For someone to be that naive but at the same time be competent enough to understand the steps required to actually give this information to someone is nil.
Sign In or Register to comment.

© Vanilla Keystone Theme 2024