Kenny Camerman
|
Posted - 2011.08.28 22:10:00 -
[1]
One of my corporation members sent the following mail to me moments ago. Effectively, he logged onto his CEO alt which belongs to an entirely different corporation, then logged onto his character in my Corp who is simply a normal member with no roles or titles.
This is what he sent me (where xxx is our corp name):
I have found a bug that allows any member of xxx w/o roles to see sensitive corp info on the map.
Plain and simple...when logging off from my CEO/marketing alt and on to my main, who is in xxx (this guy), I am able to see sensitive information on the map that I should not be able to see.
I do this by first logging on to my CEO alt, opening the star map, selecting 'My Information' and let's say..Deliveries.. or Impounded... or perhaps Property or even Corp Members in Space... (I have tried them all) then logging off of her and logging on to my xxx char and opening the star map.. and *presto* there I see whatever info I had selected in my CEO's map query.
I found this bug because every time I logged off my CEO alt w/o first closing my Deliveries hangar window, I would get a pop up telling me that I was 'not the role of Jr. Accountant / Trader' etc.. so I decided to experiment.
I'm usually not one to make light of such things but I thought you should know this as it poses a MAJOR security risk.
I have only spoken to nasty1 about this tho I did not divulge any information I have gained thru examining this bug.
Info such as:
xxx deliveries: system A system B system C
Offices: system D system E system F system G system H
TRIAD PROPERTY system J
as well as members in space at any time.
I'm assuming this bug applies in other corps as well
...this is all information that I should not have, nor should anyone not assigned the appropriate roles. This bug should be addressed, but I leave it up to you, as I don't want to be the one responsible for... fixing EvE.
|
Abdiel Kavash
Caldari Paladin Order Fidelas Constans
|
Posted - 2011.08.29 01:41:00 -
[2]
Wait, so your main is in corp A, and your alt is a director in corp B. You look at the map with your alt, then relog, and which info do you see with your main? That of corp A or B? I think what you are describing is seeing only info of B - which doesn't matter that much, as you have access to that anyway (since it's your alt).
If you can see info of corp A, then this is indeed a problem.
|
Rina Asanari
|
Posted - 2011.08.29 07:44:00 -
[3]
If the data is shared between several accounts on the same client it would be a major security risk, definitely. Maybe quitting the client completely after logging off or clearing the cached data may work around that issue.
If the data is just shared between characters on the same account, the bug would require at least one of the three characters on the account to have the appropriate roles, so the account holder in question doesn't get any information he isn't entitled to have in any way.
|
Kenny Camerman
|
Posted - 2011.08.29 09:04:00 -
[4]
Originally by: Abdiel Kavash
"If you can see info of corp A, then this is indeed a problem."
This is exactly the issue.
|
Kenny Camerman
|
Posted - 2011.08.29 09:34:00 -
[5]
Originally by: Rina Asanari
"If the data is shared between several accounts on the same client it would be a major security risk, definitely. Maybe quitting the client completely after logging off or clearing the cached data may work around that issue."
This seems to be what is happening - it is somehow carrying over the cached roles of his CEO account when he switched characters.
|