You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Security Issue: It is possible to access a restricted page without having to enter a password, when a different restricted page uses the same password.
#1573
Describe the bug
Setting the same password on two separate restricted game pages, allows accessing both, once the password for one was entered.
To Reproduce
Create two game pages.
Go to both games settings and adjust the Restricted access settings, to allow accessing the page using a password.
Set the same password for both games.
Save the links to the games and the password somewhere for later use.
Clear your browser data and go to the first of the two pages.
You are asked to enter a password. Enter the password you set.
Go to the second game page. You can access it without entering a password.
Expected behavior
I expected the second game page to ask me for a password also.
Desktop (please complete the following information):
OS: 5.15.150-1-MANJARO x86_64 GNU/Linux
Browser: Firefox
Version 124.0.1 (64-bit)
Additional context
This might only apply to games that were uploaded by the same account.
I have not tested what happens if the games were uploaded from different accounts.
Using the same password is not a good idea anyways and this may even be intended behavior.
The text was updated successfully, but these errors were encountered:
Describe the bug
Setting the same password on two separate restricted game pages, allows accessing both, once the password for one was entered.
To Reproduce
Expected behavior
I expected the second game page to ask me for a password also.
Desktop (please complete the following information):
Additional context
This might only apply to games that were uploaded by the same account.
I have not tested what happens if the games were uploaded from different accounts.
Using the same password is not a good idea anyways and this may even be intended behavior.
The text was updated successfully, but these errors were encountered: