By using this site, you agree to our Privacy Policy and our Terms of Use. Close
Zkuq on 01 December 2016
Edit Thread
AZWification said:
Zkuq said:

Oh right, simply copying the cookie works too. I didn't even think about that. If hashes are indeed used for authentication, I wouldn't be surprised if there was no salt either... Ah, combined with the lack of HTTPS, the security of this site sounds really scary. I hope no one's using this site through public WLAN. Best-case scenario, hashes are used for authentication because of the lack of HTTPS. Considering the overall security situation, I'm actually almost thinking that someone must already have hacked this site like years ago and no one's noticed.

So, uh, dev team (i.e. Trucks, I guess)? Maybe have a look at this security thingy over here because it seems kind of big? It seems there's at least two problems:

  • Hashes instead of passwords being used for authentication
  • The lack of HTTPS

EDIT:  The hashes also seem to fit the format generated by MD5. Ouch.

Poor Trucks, he could really use some help right now..

Definitely. :D These issues are something I might event want to help with myself, except for the fact that I don't know much more than some basics about any kind of web development. (And I'm also quite busy with my studies most of the time.)