Katie Chalmers
Stalker
- Joined
- Oct 13, 2020
- Posts
- 2,421
- Location
- Australia
- Avatar Name
- Katie Chalmers
Hey,
For those that use Entropia Pocket for 2FA I want to bring to light a curious discovery that may be a potential security risk.
When the game asks for you to enter the 6 digit code, it doesn't recognise any preceding zeros in the combination.
For example: A code of 75040 will need to be entered exactly as given, however the code of 00419 will only need the last three digits entered for the code to work.
In the rare chance that a code of 00000 Is generated, It is likely that no input would be required at all.
I am not at all familiar with how 2FA programs work behind the scenes, but in my eyes this seems like an oversight and a security risk. A 6 digit code should be 6 digits, zeros or not. Funnily enough the 2FA on the Entropia website works as intended, its just the game client that has this issue.
Can anybody with insider knowledge on these systems send me some reassurance?
Ta
For those that use Entropia Pocket for 2FA I want to bring to light a curious discovery that may be a potential security risk.
When the game asks for you to enter the 6 digit code, it doesn't recognise any preceding zeros in the combination.
For example: A code of 75040 will need to be entered exactly as given, however the code of 00419 will only need the last three digits entered for the code to work.
In the rare chance that a code of 00000 Is generated, It is likely that no input would be required at all.
I am not at all familiar with how 2FA programs work behind the scenes, but in my eyes this seems like an oversight and a security risk. A 6 digit code should be 6 digits, zeros or not. Funnily enough the 2FA on the Entropia website works as intended, its just the game client that has this issue.
Can anybody with insider knowledge on these systems send me some reassurance?
Ta