| Author |
Message |
 |
teh_n00binator
Joined: 04 05, 2011 /02:40
Posts: 727
Location: United Kingdom
|
|
Post subject: **URGENT** Remove administrate user tab from profile view!!!  Posted: 09 06, 2011 /04:05 |
|
 This is a clear security risk, why am I viewing it? While I can't enter the ACP due to not having permission I can retrieve emails from anyone on the forum without their permission. Please fix this!! p.s. Hover over the email tab..
|
|
|
|
|
 |
fri13th
Joined: 05 15, 2011 /01:21
Posts: 123
Location: Philippines
|
|
Post subject: Re: **URGENT** Remove administrate user tab from profile vie Posted: 09 06, 2011 /05:17 |
|
I already sent them a message to cry-tom and as well on the support page maybe 12-18 hours ago. Until now they didn't even reply or fixed this issue.
|
|
|
|
|
 |
Pein-Lazarus
Joined: 06 13, 2010 /10:31
Posts: 640
Location: United Kingdom
|
|
Post subject: Re: **URGENT** Remove administrate user tab from profile vie Posted: 09 06, 2011 /05:20 |
|
When I first saw it, I thought I was a mod or some crap.
I was all, what on earth....
But yes, the warning part is useful to see -for yourself- but that whole administrate user, can easily be abused.
|
|
|
|
|
|
teh_n00binator
Joined: 04 05, 2011 /02:40
Posts: 727
Location: United Kingdom
|
|
Post subject: Re: **URGENT** Remove administrate user tab from profile vie Posted: 09 06, 2011 /05:32 |
|
Pein-Lazarus wrote: When I first saw it, I thought I was a mod or some crap.
I was all, what on earth....
But yes, the warning part is useful to see -for yourself- but that whole administrate user, can easily be abused. You're not meant to view it, it's part of the mod tools which are for phpbb moderators and admins only not users. I can also view your email address by hovering over the email bit which is a clear security risk.
|
|
|
|
|
|
Pein-Lazarus
Joined: 06 13, 2010 /10:31
Posts: 640
Location: United Kingdom
|
|
Post subject: Re: **URGENT** Remove administrate user tab from profile vie Posted: 09 06, 2011 /05:35 |
|
Yeah, I know. Which is why I thought I was a mod. Only till I saw people mentioning they could see it too.
Though, the Site Admin was tweaking things earlier. So, probably will vanish later on.
The email thing sucks though.
|
|
|
|
|
|
teh_n00binator
Joined: 04 05, 2011 /02:40
Posts: 727
Location: United Kingdom
|
|
Post subject: Re: **URGENT** Remove administrate user tab from profile vie Posted: 09 06, 2011 /08:34 |
|
Pein-Lazarus wrote:
The email thing sucks though.
I always use different email addresses for games, paypal, shopping and personal stuff however I don't like the fact anybody can grab my email off here and spam me stuff. Increases the chance of accounts being hacked also.
|
|
|
|
|
 |
M4dn3ss
Joined: 01 13, 2011 /09:58
Posts: 3985
Location: Australia
|
|
Post subject: Re: **URGENT** Remove administrate user tab from profile vie Posted: 09 07, 2011 /09:31 |
|
GARH email addresses o_0 fix it now!
|
|
|
|
|
|
Pein-Lazarus
Joined: 06 13, 2010 /10:31
Posts: 640
Location: United Kingdom
|
|
Post subject: Re: **URGENT** Remove administrate user tab from profile vie Posted: 09 07, 2011 /10:44 |
|
teh_n00binator wrote: Pein-Lazarus wrote:
The email thing sucks though.
I always use different email addresses for games, paypal, shopping and personal stuff however I don't like the fact anybody can grab my email off here and spam me stuff. Increases the chance of accounts being hacked also. Yep. I don't ever use my billing/personal email addresses for forums. I have bs email accounts for that purpose.
|
|
|
|
|
 |
Cry-Tom
Crytek Staff
Joined: 06 11, 2010 /04:10
Posts: 715
Location: Germany
|
|
Post subject: Re: **URGENT** Remove administrate user tab from profile vie Posted: 09 07, 2011 /02:30 |
|
Hey guys, it's a known issue and should be resolved in the very near future, clearly there is a privacy issue here so we're eager to sort it out.
|
|
|
|
|
|
Pein-Lazarus
Joined: 06 13, 2010 /10:31
Posts: 640
Location: United Kingdom
|
|
Post subject: Re: **URGENT** Remove administrate user tab from profile vie Posted: 09 07, 2011 /02:51 |
|
Hey Tom,
Any timeframe for that? This forum already has poor bot protection. Exposing our email addresses is another pond.
|
|
|
|
|
