Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Password and security issues


Recommended Posts

* I cannot login using correct username, password, and 2FA token.

 

* I am able to get logged in by doing a password recovery

 

* Password recovery is a complete security bypass: anyone who has access to my email can get into my account even without having my 2FA device

 

* The bypass link works multiple times in different browsers, rather than properly expiring after a single use.

 

* Changing my password once logged in via bypass does not resolve the original problem

 

* other users confirm identical experiences

 

so in short, your authentication system is not working properly, and your bypass system is a massive security hole.

Official "Bad Person" of Crowfall

"I think 1/3rd of my postcount is telling people that we aren't turning into a PvE / casual / broad audience game." -

Tully

Link to comment
Share on other sites

*confirmed*

 

before fixing this though, make sure 2FA works correctly.. 'cause I only managed to login thanks to this bug... 2FA doesn't work 90% of the time for me

Edited by Fenris DDevil

y9tj8G5.png

Link to comment
Share on other sites

Additionally, requesting multiple "password reset" emails does not invalidate previous "password reset" links.

I mean, I'm assuming "fluffer" is just another pjorative term for carebears, whales, etc. Of course, I could be incorrect, but I doubt it.

Link to comment
Share on other sites

Issues not yet corrected; see discussion in the news thread.

Official "Bad Person" of Crowfall

"I think 1/3rd of my postcount is telling people that we aren't turning into a PvE / casual / broad audience game." -

Tully

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...