[IMPORTANT] Email verification link : security hole [Archive]

View Full Version : [IMPORTANT] Email verification link : security hole

toph83

06-19-2007, 01:48 PM

http://www.outspark.com/node/1241

This user put his email verification link in his signature (I don't know why he did that). If you click this link, you'll automatically log onto his account without having to enter any id/password. You'll then have full access of his account and will be able to post under his nickname.

Your Email Verification link should no longer work after you use it once, this isn't the case currently. If some people find a way to retrieve the users' email verification links, they'll be able to log onto their accounts easily.

nonhl05

06-20-2007, 06:34 AM

i say they let every one play beta

&#160;

---

*www.apples.com

Utakata

06-20-2007, 10:52 AM

^*** off-topic.

*Yeah that's a pretty big security flaw.

etoza

06-22-2007, 06:51 AM

That is not good, good thing you posted this before a lot of people clicked the link... I myself want my own account and would not go onto someone elses, All we have to do now is somehow get a GM to delete that guy's post, your post, &amp; ban that account from the server so no1 can use it...

Thats my idea** (GMS PLEASE READ)