From: SourceForge.net <no...@so...> - 2005-04-26 22:14:54
Bugs item #1190598, was opened at 2005-04-26 17:14
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=103248&aid=1190598&group_id=3248

Category: BZFlag
Group: Network problems
Status: Open
Resolution: None
Priority: 5
Submitted By: Richard Rauch (rkrolib)
Assigned to: Nobody/Anonymous (nobody)
Summary: Client password can be compromised!

Initial Comment:
I checked under "any" (open/closed/etc.) to see if there was anything like this already filed. I couldn't find such, so it may be relevant though I am not using the 2.x clients. (I'm using 1.10.6 from pkgsrc, with 2 further pkgsrc revision patches on top of that.)

While I was playing, a player informed me that he had my password. He told me the password, so he truly had it.

I cannot think of any way that he could have gotten it from me, except by hacking it out of the client. (I never tell anyone the password. I never use it for anything else. There is no relation to my callsign. I had been logged in for quite some time before this player even logged in, so I doubt that he was monitoring the channel with some kind of packet-sniffer.)

Perhaps a minute before he told me my own password, my lag jumped very high on the server, so I am guessing that he stole my password by some kind of flood of my client that caused bzflag to divulge buffers, histories, or even to re-validate itself. He never disclosed how he got my password.

Since there is no record of this as an old problem that was fixed in the bugs database, I assume that it is an unknown problem and may still affect the 2.x clients.