EVE Online's shiny new forums launched last week, but they didn't stay up for long. According to a
new dev blog entry, helpful players helped point out a wide variety of possible vulnerabilities in the forums. Players could:
- Post as anyone.
- Read any forum anyone had access to.
- Inject HTML (NOT SCRIPT) into your signature.
- Inject HTML (and possibly script) in the post reporting feature. (Something someone without roles would not have been able to see i.e. not you unless you were exploiting)
- Edit anyone else's posts
CCP Sreegs said that CCP doesn't see any way for players to access your personal information or credit cards. "In essence, the vulnerabilities were limited to people's ability to escalate their privileges on the forum itself and nowhere else," he said.
Sreegs also commented that he trying to formalize a program that will reward players who provide information that helps CCP better secure their systems. Regardless, it's always a good idea to submit vulnerabilities if you find them.
More...
Arcade
04-12-2011, 03:31 PM
EVE Blog Entry Outlines New Forum Security Issues [EVE Online]
Similar Threads
Linear Mode
