Search
Forum Home | Login
GrottrolletNaug
GrottrolletNaug
Join Date 04/2009
0

Impulse password stored in plaintext

April 23, 2009 4:08:58 PM from Demigod ForumsDemigod Forums

Hey, just wanted to give people a little headsup about something I found while mucking about in the games config files.

In the game.prefs file (Typically found in /My Documents/My Games/Gas Powered Games/Demigod/game.prefs) your impulse password is stored in plaintext if you've ticked the remember me box while logging in. This means its easily accessible to trojans and viruses and what have you. Perhaps the game devs should ask themselves that question that all computer network guys ask themselves everyday when designing systems, "What about security?"

 

demigod
Locked Post
Search this post
Advanced Search
Subscription Options
Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
Annatar11
Join Date 11/2006
+527
Reply #1 April 23, 2009 4:10:43 PM
from Demigod ForumsDemigod Forums

Yes yes, Frogboy said they've talked to GPG about removing it from the game prefs.

Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
Frogboy
Join Date 03/2001
+2415 sdemperor
Reply #2 April 23, 2009 4:10:51 PM
from Demigod ForumsDemigod Forums

We've reported this to GPG and asked them to change how this is stored.

Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
Hettikus
Join Date 06/2008
0
Reply #3 April 23, 2009 4:25:16 PM
from Stardock ForumsStardock Forums

I vote for decapitation for that. As an IT guy i take such stuff with high level of paranoia.

Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
Hilving
Join Date 03/2009
0
Reply #4 April 23, 2009 4:26:36 PM
from Demigod ForumsDemigod Forums

Haha, that's so silly.

Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
bug-77
Join Date 05/2006
+1
Reply #5 April 23, 2009 4:37:04 PM
from Demigod ForumsDemigod Forums

Quoting Hilving,
reply 4
Haha, that's so silly.

 

Actually, it's almost programming 101: never store an unencrypted password. They probably planned to remove it, but somehow forgot to actually do it...

Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
jarvismac
Join Date 03/2006
0
Reply #6 April 23, 2009 4:54:41 PM
from Demigod ForumsDemigod Forums

Must admit don't really know what im talking about, know nothing about hacking, but surely it would have been better to email privately about this serious flaw, rather than posting it for the world to see  ?

Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
rendari
Join Date 07/2007
+2
Reply #7 April 23, 2009 5:01:13 PM
from Demigod ForumsDemigod Forums

Computer Security 101: Shit gets fixed faster if you make it public.

 

 

+1
Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
GrottrolletNaug
Join Date 04/2009
0
Reply #8 April 23, 2009 6:35:08 PM
from Demigod ForumsDemigod Forums

Quoting rendari,
reply 7
Computer Security 101: Shit gets fixed faster if you make it public.

 

 

 

This.

 

Edit:

And also, if you untick the remember me box it shouldn't be stored (I guess, havn't checked). So it's informative to how to avoid the issue as well.

Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
Colonel_Jessep
Join Date 09/2008
+46
Reply #9 April 23, 2009 7:01:20 PM
from Demigod ForumsDemigod Forums

...but surely it would have been better to email privately about this serious flaw, rather than posting it for the world to see ?
That was my approach. On the other hand, it was the the first file I opened to check for future modding projects so I guess many modders are already aware of the problem and probably a good bunch of the active beta testers and players too.

Computer Security 101: Shit gets fixed faster if you make it public.
True but I was assured by a GPG employee that this is one of their top priorities and they will fix it as soon as possible. And I doubt the would delay fixing this for any reason.

 

Reason for Karma (Optional)
Successfully updated karma reason!
GrottrolletNaug
Shock0311
Join Date 04/2009
+1
Reply #10 April 23, 2009 7:16:59 PM
from Demigod ForumsDemigod Forums

Oh wow thanks for the heads up I just unselected my box.

Reason for Karma (Optional)
Successfully updated karma reason!
View all recent posts
Mark all posts as read Delete cookies created by the forum Return to Top
Stardock Forums v        Server Load Time:   Page Render Time:

Stardock Magazine | Register | Online Privacy Policy | Terms of Use

Copyright © 2025 Stardock Entertainment and Gas Powered Games. Demigod is a trademark of Stardock. All rights reserved. All other trademarks and copyrights are the properties of their respective owners. Windows, the Windows Vista Start button and Xbox 360 are trademarks of the Microsoft group of companies, and 'Games for Windows' and the Windows Vista Start button logo are used under license from Microsoft. � 2012 Advanced Micro Devices, Inc. All rights reserved. AMD, the AMD Arrow logo and combinations thereof are trademarks of Advanced Micro Devices, Inc.