Impulse password stored in plaintext

Hey, just wanted to give people a little heads-up about something I found while mucking about in the game's config files.

In the game.prefs file (typically found in /My Documents/My Games/Gas Powered Games/Demigod/game.prefs) your Impulse password is stored in plaintext if you've ticked the remember me box while logging in. This means it's easily accessible to trojans and viruses and what have you. Perhaps the game devs should ask themselves that question that all computer network guys ask themselves every day when designing systems, "What about security?" :)

Reply #1

Yes yes, Frogboy said they've talked to GPG about removing it from the game prefs.

Reply #2

We've reported this to GPG and asked them to change how this is stored.

Reply #3

I vote for decapitation for that. As an IT guy I take such stuff with a high level of paranoia.

Reply #5

Quoting Hilving, reply 4
Haha, that's so silly.
End of Hilving's quote

Actually, it's almost programming 101: never store an unencrypted password. They probably planned to remove it, but somehow forgot to actually do it...

Reply #6

Must admit don't really know what I'm talking about, know nothing about hacking, but surely it would have been better to email privately about this serious flaw, rather than posting it for the world to see?

Reply #7

Computer Security 101: Shit gets fixed faster if you make it public.

Reply #8

Quoting rendari, reply 7
Computer Security 101: Shit gets fixed faster if you make it public.
End of rendari's quote

This.

Edit:

And also, if you untick the remember me box it shouldn't be stored (I guess, haven't checked). So it's informative as to how to avoid the issue as well.

Reply #9

...but surely it would have been better to email privately about this serious flaw, rather than posting it for the world to see?
End of quote
That was my approach. On the other hand, it was the first file I opened to check for future modding projects so I guess many modders are already aware of the problem and probably a good bunch of the active beta testers and players too.

Computer Security 101: Shit gets fixed faster if you make it public.
End of quote
True, but I was assured by a GPG employee that this is one of their top priorities and they will fix it as soon as possible. And I doubt they would delay fixing this for any reason.

Reply #10

Oh wow, thanks for the heads-up. I just unselected my box.