
Other Uplay account meddle

Discussion in 'Software' started by Baguette, 13 Aug 2013.

  1. Baguette

    Soooo, a friend had quite a big surprise today.

    He posted a question on Uplay, then went to his account and tried to see the question he posted by clicking on "My questions".

    Poof. He was logged into some poor soul's account. As a matter of fact, that poor soul had asked tech support questions regarding his password. Which meant my friend now had this guy's email and password for the uPlay account. By clicking on a link. From his own account.

    I didn't believe him, so I tried to log into this guy's account with the credentials my friend scored, and it turns out it works: I actually got logged into some guy's account.


    Now, I admittedly can only go and check out "My Questions", since when I hit "My Account", the site asks for a password reset. It doesn't, however, log me out. Instead, I can still access a question the person opened, where the following are available: a CD key for a game, account login AND account password.

    [IMG]
    Above, the only amount of security encountered...and I'm still logged in. Too late. These kinds of countermeasures are only effective if they are used when you log in for the first time, not once you have detected that someone has been sniffing around.

    I understand that this might be slightly uhm...unbelievable. Quite frankly it is, and I don't feel like openly divulging passwords like Ubisoft has decided is fine to do, so I can unfortunately provide no consistent proof whatsoever beyond screenshots (that some people will call out and say are from my own account, which I don't have).

    I have never seen a site bug like this. I just cannot understand it.

    In fact, it seems so big it looks like a "trap", as my friend said.



    Some will tell me this is something that should be posted to Ubisoft, and has nothing to do here. Well, I'm sorry, but apart from choosing the wrong subforum, I believe I have made no mistake and I firmly believe the community should know that uPlay must be avoided like the plague. As I said, I don't have a uplay account, but my friend went ahead and posted a question about this. He'll pass over any answer they may have.