By using this site, you agree to our Privacy Policy and our Terms of Use. Close
JOKA_ on 01 December 2016
Edit Thread
Zkuq said:
JOKA_ said:

Yeah, and the hash essentially becomes the password too.  If you copy your password cookie, log out, and then manually create the cookie you will be logged in without having to put your password in...

Oh right, simply copying the cookie works too. I didn't even think about that. If hashes are indeed used for authentication, I wouldn't be surprised if there was no salt either... Ah, combined with the lack of HTTPS, the security of this site sounds really scary. I hope no one's using this site through public WLAN. Best-case scenario, hashes are used for authentication because of the lack of HTTPS. Considering the overall security situation, I'm actually almost thinking that someone must already have hacked this site like years ago and no one's noticed.

So, uh, dev team (i.e. Trucks, I guess)? Maybe have a look at this security thingy over here because it seems kind of big? It seems there's at least two problems:

  • Hashes instead of passwords being used for authentication
  • The lack of HTTPS

EDIT:  The hashes also seem to fit the format generated by MD5. Ouch.

*deletes account*



Platinums: Red Dead Redemption, Killzone 2, LittleBigPlanet, Terminator Salvation, Uncharted 1, inFamous Second Son, Rocket League