Not a bug: email "Tribal Wars - Message received": I can login without entering the password.

DeletedUser

Guest
  1. Summary of the issue (title of the post)
    email "Tribal Wars - Message received": I can login into the game without entering the password when I enter the button "ENTER THE GAME!.
  2. Overview of the bug (description):
    I can login at world zz1 without entering my password when I enter the button "ENTER THE GAME!" in the email "Tribal Wars - Message received". This has nothing to do with cookies, I've deleted all cookies before. And I tried it with an other browser, who don't know my password: same result
  3. Steps to reproduce:
    1. Get the email "Tribal Wars - Message received".
    2. Open the email in a browser without cookies from Tribalwars.
    3. Enter the button "ENTER THE GAME!".
    4. You are logged in at the world you've get a massage.
  4. Reproduction rate (Every time? Sometimes?):
    Every time.
  5. Browser and Version:
    Firefox 33.0, Firefox 33.0.1, Chrome 38.0.2125.104
  6. Visual Reference if available (Screenshot) please put them in a spoiler.:
    /
  7. Player name and market for rewards:
    Eroberer der Welt (de)
 
Last edited by a moderator:

DeletedUser

Guest
Hello!

Obviously the forwarding link (http://email.tribalwars.net/c/ZD1lMjg2OCZpPUUx***) contains a individual ID which can be assigned with the account name and the password from the time, the email was sent. If the password haven't been changed the server send the account name and the right password to the login-site without an action of the user. If an unauthorized person reed the mail or get the forwarding link he can login every time without entering the password.

But the good thing is: If the password has been changed after sending the mail, the link contains an old id and the server sends the old password to the login-site which say "Invalid password".

Greets, Eroberer der Welt
 
You must log in or register to reply here.
Top