Vulnerability with website login form?
riymond.5463
#1 -

Hey team —
I’m concerned the person in the post below is attempting to use a vulnerability on the gw2 website to obtain users’ account login details -- unfortunately, this could be done by almost anybody very easily to trick a user, since they will be entering their account information on your actual website with no idea that it will be redirected to somebody untrusted.
http://www.guildwars2guru.com/topic/78397-news-on-the-gw2-extension-im-working-on/
I believe this could be prevented by restricting the allowable redirect_uri from your login page to trusted domains.
It’s also possible I am misunderstanding things, but I wanted to bring it to your attention.
Cheers


ArenaNet Poster
#2 -

He’s redirecting to the live TP site. It’s already in our whitelist.
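
The restriction proposed in the first post, and the whitelist the reply refers to, sketched as an added example. This is not ArenaNet's code: the hostnames are constructed placeholders and `validateRedirectUri` is a hypothetical helper.

```javascript
// Added example: exact-match allowlist for a login page's redirect_uri.
// Hostnames are constructed placeholders, not the site's real whitelist.
const ALLOWED_REDIRECT_HOSTS = new Set([
  "tradingpost.example.com",
  "account.example.com",
]);

function validateRedirectUri(raw) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "missing" };
  }
  // Backslashes and control characters are normalized differently by
  // browsers and server-side parsers; refuse them rather than guess.
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) {
    return { ok: false, reason: "illegal-character" };
  }
  let url;
  try {
    url = new URL(raw); // no base: relative and scheme-relative input throws
  } catch {
    return { ok: false, reason: "not-absolute-url" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  // A URL with userinfo displays one host name but resolves to another.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo" };
  }
  if (url.port !== "") return { ok: false, reason: "port" };
  // Compare the parsed hostname exactly. Prefix, suffix or substring tests
  // would also accept "tradingpost.example.com.other.example".
  if (!ALLOWED_REDIRECT_HOSTS.has(url.hostname)) {
    return { ok: false, reason: "host-not-allowed" };
  }
  return { ok: true, target: url.href };
}

// Constructed inputs showing which redirect targets pass.
for (const candidate of [
  "https://tradingpost.example.com/login/callback",
  "https://tradingpost.example.com.other.example/login/callback",
  "https://tradingpost.example.com@other.example/",
  "//other.example/login/callback",
]) {
  console.log(candidate, "->", JSON.stringify(validateRedirectUri(candidate)));
}
```

The login page would call this before issuing the redirect and fall back to a fixed default page on any rejection.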