1. Here is a link to my ticket that I did not get any response on. Instantly closed.
    https://imgur.com/mNxiQKD


    Here is also something interesting that I had no clue about. Passwords to the homepage and ingame are not capital sensitive :O

    https://imgur.com/3RqB2cq
    It's not case-sensitive, also your request is sent as plain text to the server which is big lol if someone on the same network is monitoring
    https://prnt.sc/1tr5yn1
    That's why javascript crypto (cipher) libraries exist, to be used for masking of this plain data before request is sent
    2fa on website can be bypassed if you have logs of last authenticated (successful login) browser (including version) and ip
    ingame you only need the ip address (I have logs from people trying to log my account ingame with ip "0.0.0.0" which basically routes to default server ip and if the 2fa excluding 127.0.0.1 (localhost) or its public ip(s) from the list on login attempts - there you go)
    I guess you should change your password more often at least because of last 3 public dumps of warmane database in recent years
    Edited: September 26, 2021

  2. It's not case-sensitive, also your request is sent as plain text to the server which is big lol if someone on the same network is monitoring
    https://prnt.sc/1tr5yn1
    That's why javascript crypto (cipher) libraries exist, to be used for masking of this plain data before request is sent
    If you are talking only about website, HTTPS makes this unnecessary and prevents attacks by someone else on the same network, unless someone has made malicious changes on the PC itself, but at that point there could be a keylogger as well. Not sure how exactly ingame login works but that might be more vulnerable simply because wotlk client is pretty old now.

    2fa on website can be bypassed if you have logs of last authenticated (successful login) browser (including version) and ip
    From the original post it seems like the change comes from a different IP address. While it's possible that someone on the same network could log in and bypass 2FA, it does not apply to this case.

    ingame you only need the ip address (I have logs from people trying to log my account ingame with ip "0.0.0.0" which basically routes to default server ip and if the 2fa excluding 127.0.0.1 (localhost) or its public ip(s) from the list on login attempts - there you go)
    I have 1 such entry in my account history but I have received an email for that login attempt so it has not bypassed anything. Besides, it should not be possible to fake your IP address when logging in (because wotlk client only uses TCP and I don't think MoP client would use UDP for login process either) so it's most likely just an error in the data that gets saved in account history.
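
Added example, not part of the thread and not Warmane's code: a sketch of a "skip 2FA for the last verified browser and IP" check of the kind discussed above, written so that an address such as 0.0.0.0 or 127.0.0.1 never counts as a trusted match, plus an audit over constructed account-history rows. The `Login` record, the row layout and the skip policy are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Ranges a remote client on the internet cannot legitimately connect from.
NON_CLIENT_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128", "fe80::/10",
)]

@dataclass(frozen=True)
class Login:  # hypothetical record: source IP plus browser string
    ip: str
    user_agent: str

def is_plausible_client_ip(raw: str) -> bool:
    """False for unparsable, unspecified, loopback, link-local or private IPs."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return False
    return not any(addr in net for net in NON_CLIENT_NETS)

def must_challenge_2fa(attempt: Login, last_verified: Optional[Login]) -> bool:
    """Assumed policy: 2FA is skipped only for an exact IP + browser match."""
    if last_verified is None:
        return True
    # A placeholder or local address is bad data, never proof of a known device,
    # whichever side of the comparison it appears on.
    if not (is_plausible_client_ip(attempt.ip)
            and is_plausible_client_ip(last_verified.ip)):
        return True
    return (attempt.ip, attempt.user_agent) != (
        last_verified.ip, last_verified.user_agent)

def suspicious_history_rows(rows):
    """Return account-history rows whose recorded source IP is implausible."""
    return [r for r in rows if not is_plausible_client_ip(r["ip"])]

# Constructed sample history; 203.0.113.0/24 is a documentation range used
# here as a stand-in for real public client addresses.
HISTORY = [
    {"when": "2021-09-20 18:02", "event": "game login", "ip": "203.0.113.7"},
    {"when": "2021-09-24 03:41", "event": "game login", "ip": "0.0.0.0"},
    {"when": "2021-09-25 11:15", "event": "web login", "ip": "127.0.0.1"},
]

if __name__ == "__main__":
    for row in suspicious_history_rows(HISTORY):
        print("review:", row)
```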

  3. Well, maybe if you guys stop sharing your accounts and act like nothing happened, these topics wouldn't be a thing.
    My account has been the same since the launch of the TBC realm. Years later not a single issue so far.

  4. It's not case-sensitive, also your request is sent as plain text to the server which is big lol if someone on the same network is monitoring
    https://prnt.sc/1tr5yn1
    That's why javascript crypto (cipher) libraries exist, to be used for masking of this plain data before request is sent
    2fa on website can be bypassed if you have logs of last authenticated (successful login) browser (including version) and ip
    ingame you only need the ip address (I have logs from people trying to log my account ingame with ip "0.0.0.0" which basically routes to default server ip and if the 2fa excluding 127.0.0.1 (localhost) or its public ip(s) from the list on login attempts - there you go)
    I guess you should change your password more often at least because of last 3 public dumps of warmane database in recent years
    Sure, you are probably right. It would be recommended to change password more often. I pretty much never did so. But that still does not explain why 2fa is not removed in my history log, and that is the main question I am looking for. But maybe I don't understand what you mean with the 2fa. Do you mean he can make warmane not log it and get into my email account and remove the request and so on and so on without it being shown on warmane?

    I took the time to print all history in three different images. I think 2 of the images might be a bit hard to read. But hopefully you will figure out a way to zoom in so you can see what it says :)
    I removed my IP address on all prints since I believe it's not too smart to share it. I am not well aware of what people can do with such information though..


    2015-2018
    https://imgur.com/9E1ZZN8

    2019
    https://imgur.com/whedITV

    2019-2021
    https://imgur.com/qBz6vNN
