Password Reset Spoofing - About xda-developers.com

Hey,
I've just used the pw reset feature today, and heck, I was shocked when I entered my email address into the input form and it prompted a message that my password reset was sent to my email:
"A password reset request has been emailed to you. Please follow the instructions in that email."
The prompted message should NOT give any detail if the entered email is used in the db, or not!
That needs to be addressed imho asap!
Simply by:
If true:
If this email is associated with an account, the password reset request has been emailed to it. Please follow the instructions in that email.
If not true:
If this email is associated with an account, the password reset request has been emailed to it. Please follow the instructions in that email.
Ty

@MikeChannon @the_scotsman
Gentlemen, for your attention please.

Contact Us | XDA Developers (www.xda-developers.com)
Requests to Moderators and Recommendations for XDA improvements (forum.xda-developers.com)

What a mess in here... Instead of deleting this thread the mod decided to delete the post I made, after checking your reply, in:
https://forum.xda-developers.com/t/...recommendations-for-xda-improvements.4300729/
... but hey, it's actually not a recommendation, it's a security flaw and therefore a bug report. So maybe the mod was right to leave this thread. Still confused

This matter has been referred to those who can officially review and potentially change the way the process works.
Mike

I just fixed this by standardizing verbiage across both situations. Thank you for bringing it to our attention @GuestNoOne !
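
The "same wording in both situations" behaviour discussed in this thread, shown next to the leaky form, as an added example that is not XDA's or the forum software's code. The in-memory user table, the function names and the token handling are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample data: an in-memory stand-in for the user table.
USERS = {"alice@example.com": {"username": "alice"}}
TOKEN_TTL_SECONDS = 3600
GENERIC_MESSAGE = (
    "If this email is associated with an account, the password reset request "
    "has been emailed to it. Please follow the instructions in that email."
)


def normalize(email):
    return email.strip().lower()


def leaky_reset(email, users):
    """'Before': the wording depends on the lookup, so the form is an oracle."""
    if normalize(email) in users:
        return {"status": 200, "message": "A password reset request has been "
                "emailed to you. Please follow the instructions in that email."}
    # Wording quoted elsewhere on this page; used here as the "not found" case.
    return {"status": 200, "message": "The requested member could not be found."}


def uniform_reset(email, users, reset_tokens, outbox, now=None):
    """'After': identical status and body whether or not the account exists."""
    now = time.time() if now is None else now
    address = normalize(email)
    # Generate and hash a token on every request so both paths do similar work;
    # real mail delivery should be queued, not sent inline, for the same reason.
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    if address in users:
        # Store only the hash, so a database read does not yield usable tokens.
        reset_tokens[digest] = {"email": address,
                                "expires": now + TOKEN_TTL_SECONDS}
        outbox.append({"to": address, "token": token})
    return {"status": 200, "message": GENERIC_MESSAGE}


def redeem(token, reset_tokens, now=None):
    """Single-use redemption: returns the account e-mail, or None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = reset_tokens.pop(digest, None)
    if entry is None or entry["expires"] < now:
        return None
    return entry["email"]


def leaks_account_existence(handler, known_email, unknown_email):
    """Regression check: True if the two responses can be told apart."""
    return handler(known_email) != handler(unknown_email)


if __name__ == "__main__":
    tokens, outbox = {}, []
    print(leaks_account_existence(lambda e: leaky_reset(e, USERS),
                                  "alice@example.com", "nobody@example.com"))
    print(leaks_account_existence(
        lambda e: uniform_reset(e, USERS, tokens, outbox),
        "alice@example.com", "nobody@example.com"))
```

The `leaks_account_existence` check is the part worth keeping in a test suite: it fails as soon as the two responses drift apart again, whether through wording, status code or an extra field.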

Lol. Mods thanking each other to gain more likes - while the one who brought it up doesn't get any.
That phenomenon got a name and ain't healthy...

Do you really expect an answer? Certainly not from me.

GuestNoOne said: "Lol. Mods thanking each other to gain more likes"
We don't care about likes anymore, this is no longer significant at this point, for moderators at least. We are not chasing them.
GuestNoOne said: "while the one who brought it up doesn't get any."
Fixed! You got likes now, thanks!
Yeah that happens, I've seen moderators (myself included) affected by this situation as well, don't worry, e.g. a moderator posts a smart question or an interesting issue and only the other mod who answered got likes! This is not specific to non-moderators, trust me.
GuestNoOne said: "That phenomenon got a name and ain't healthy..."
I know for sure there is nothing malicious here. Trust me here too

Unable to edit wiki?

Hi there,
I've just signed up so that I could reformat http://wiki.xda-developers.com/index.php?pagename=HTC_Dream_Boot_Image , but I can't seem to login to the wiki.
I've tried with Firefox 3.5 and Safari 4, both show the board software indicating a successful login, before redirecting back to the wiki where the login box is still present and "you need to login to edit.."
I tried clearing cookies for wiki.xda-developers.com, but it didn't help.
I am not sure, but probably you need to have a certain amount of Posts before you can update the wiki
Hmm, is there perhaps some way I can get around this? Really every question I have has probably been answered 100 times over, and asking them again just to generate credit seems a bit silly. The only thing I can help contribute to is organizing the existing information..
"To be able to create or edit pages, you need to be registered as a user at xda-developers.com. If you are not registered as a user then go to http://forum.xda-developers.com and click 'register' in the menu on the top of the page. Once you're logged in to the forum, you will automatically also be logged in here. If you have an xda-developers account but aren't logged in, simply click the 'sign in' link on the bottom of this page."
You should ask the admin in this concern.
Thanks corepda, Addicted2xda.
I'll see about finding an admin to ask. There is no 'sign in' link, only the standard phpWiki login box, which seems to be wired to the forum login script. However simply clicking the login button gives me a login failure (as per the paragraph you quoted), and entering my username+pw logs me in at the forum but not at the wiki..
Just to say same for me just get looped
Hmm, and you've been a member for over a year. Looks like something is broken. Anyone know who the admins are, or how to ask the forum software to message an admin?
Ok, I found the 'message admins' link and sent them a link to this thread. Yay!
Thread reported to the staff, I am sure they will reply at the soonest to give you an appropriate reply. Good Luck.
IvanDobsky said: "Hmm, and you've been a member for over a year. Looks like something is broken. Anyone know who the admins are, or how to ask the forum software to message an admin?"
Yeah i have had to get other users to edit the wiki when needed, but never thought to bring it up, so i'd guess it's accounts and not a xda wiki issue?
ok peeps,
http://wiki.xda-developers.com/index.php?pagename=HTC_Dream_Boot_Image
You can see that i have been able to edit the said wiki. Can you give it another go and reply back here. If there is still a problem i will notify admin.
Greetz.
TIm.
Same here:
Exactly what happens:
I'm logged into XDA i go to WIKI and choose article, click edit and the log in field pops up i enter my XDA login and it goes to the signing in pop up and loops back to the login.
I think the admins need to look into this.
I've asked Flar to get someone to look at it.
Dave
Hey Luke you are not allowed to edit WIKI because you didn't send me birthday pics.
LOL
matter is getting really hot. But I am able to edit wiki, not that much qualified to put anything that deserve change though.
Pic in your PM bruv, been so busy in the kitchen that I forgot. Yep it's always my fault things don't work
Dave:
Thanks hope this get sorted as muchos to add to Dash Wiki
Hi all,
Sorry for my late reply the issue escaped my attention.
I've been able to reproduce the issue with a test account, but am unable to fix it myself. I have notified our sysadmin and wiki admins and they will take a look at the issue as soon as possible.
Best regards,
Flar
i think it is ok that new members can't edit the wiki...i am able to do it and i posted a page few days ago so everything is ok from my point of view and the wiki is still editable
remember the wiki vandalism?
and when our ftp went down?
so don't rush to deal with it...it is just fine this way
1. This issue seems to have nothing to do with being a new member or not, my test account has the same issue and that's been here just as long as I have been.
2. Wiki vandalism has nothing to do with being a new member, a new member can just as well have useful info to share.
3. FTP downtime? what has that got to do with it? The last ftp downtime I could remember had nothing to do with new members but with us not scanning for viruses.
Best regards,
Flar
i know that new member doesn't stay for those who do things to wiki...but they potentially are a bigger threat than people who are here for ages...not saying that ivan will do but...there are a lot of crazy people who will sign in just to do damage
not specifically the last one...but things like the one that happened in 2005..someone bashed it..there is a whole thread about it
farukb said: "i think it is ok that new members can't edit the wiki...i am able to do it and i posted a page few days ago so everything is ok from my point of view and the wiki is still editable. remember the wiki vandalism? and when our ftp went down? so don't rush to deal with it...it is just fine this way"
Not forgetting i'm no noob & have additions for WIKI.
Flar:
Thank you for looking into this and look forward to being able to edit the WIKI

how to delete a XDA DEVELOPERS account

How do you delete an xda developers forum account/profile? I can't seem to find it
Please follow the link below to have your deletion processed:
Data Deletion Request on XDA-Developers
Please supply your XDA username and the associated email address. For us to process an account deletion, the email/username combo must match. Our representative will email you to confirm your identity. Once we hear back, we will process the account deletion. It can take up to 7 days to process...
docs.google.com
Sorry but I don't understand why anybody would want to have their account deleted or go to the trouble of posting to get it removed?
If you don't want to use XDA, wouldn't it be easier just to not visit?
But it does free up user names and shows a more realistic member count
True but most forums prune inactive accounts anyway.
How can I delete my profile?
Can you delete my Account too?
Many thanks to apologize in advance.
Hey Mike,
please completely delete my account!
THX!
Not mike, but I just deleted your account as per your request.
Quick question, what do all these THANKS mean and what happens when you reach a certain amount of them? Also, do you lose THANKS (points) if someone thanks you and gets their account deleted or that person gets ban?
hey mate i wanted some help from you.
i want my account
user name:zippy36
email:[email protected]
to be deleted. i hope you will help me thanx.!
skcussrepolevedadx said: "Quick question, what do all these THANKS mean and what happens when you reach a certain amount of them? Also, do you lose THANKS (points) if someone thanks you and gets their account deleted or that person gets ban?"
Thanks are just to show how helpful you have been in the forum. They do not go away.
zippy36 said: "hey mate i wanted some help from you. i want my account user name:zippy36 email:[email protected] to be deleted. i hope you will help me thanx.!"
Can you not read? If you can't read a few posts in this thread you might be better off having your account deleted. PM an admin.
I pm'd Mike but I was wondering if someone else can just delete my account please?
Thank you.
Please delete my account
For Mike.
Mike delete my account thank you!!!!
Why are you insisting on getting your account deleted so much?? just PM Mike and go away. He will delete it when he finds some time...
haha epic thread, now i know the undoubtedly need of the registration vid and the post limit...
sadly smarter noobs need to garbage around in order to gain enough messages and post where it needs to.
thats why im pm-ing mike now. cheers >_-
Please don't delete my account mike I spend hours on here looking at posts and wandering what am I doing then flashing something random
Yeah basically just don't use account why delete it lol
You can still PM me but now I'll just direct you to our new link.
Please follow the link below to have your deletion processed:
Data Deletion Request on XDA-Developers
Please supply your XDA username and the associated email address. For us to process an account deletion, the email/username combo must match. Our representative will email you to confirm your identity. Once we hear back, we will process the account deletion. It can take up to 7 days to process...
docs.google.com
Mike

[Q] Exchange Device Administrator Security & Jellybread

Not up to the minimum post count to ask this question in the development forum...not sure if that's the best place anyway. I searched and found some related threads, but nothing within the last few years and nothing that seemed to really address my core issue.
I just went from stock unrooted to Jellybread. When adding my Exchange account, I ran into the notification forcing me to grant administrator privileges to my company's IT department. I already use a lockscreen, so I have no problem with that aspect (even though my emails are in no way sensitive in terms of trade secrets). What I do have a problem with is handing over the ability to wipe my phone or change my PIN. What if I quit or am fired and IT decides to be malicious and wipe my phone that I paid for?
I never had (or noticed) anything like this with the stock unrooted rom.
So my questions are, was this something I was already living with? Should I worry about it? Are there legal restrictions as to how and when IT can wipe my phone? Is it worth using a paid app like Enhanced Email to eliminate IT's ability to wipe my phone?
Well to address one thing at a time. All questions should be asked under the rom thread or in q&a. Do not post questions in the development thread ever which is why there is a post requirement in the development section. If you go into the jellybread thread you will be allowed to ask questions. The development section is for roms and things of that nature not new threads about questions. Not being able to start a new thread has saved you from looking foolish and getting flamed by other users. Also I am not trying to be rude with my reply but only filling you in on how things work here on xda.
Now onto the real issue at hand. Giving admin rights to the exchange server is a normal part of exchange. Tell it yes and go about doing whatever it is you do.
Now to address your paranoid delusions. I suggest seeking professional help for that issue. Lol.
Edit: the following was my misinterpretation of the permission asked and is not correct information. I have left it because I said it. Just remember it is incorrect.
Giving admin rights to exchange does not give the IT department the ability to wipe your phone or change your lock screen password. What it does do is allow the exchange server to keep all your business emails synchronized. If you delete an email from your laptop then the exchange server needs to be able to delete it from your phone. These admin rights you are so concerned about just allows exchange to read, write, and modify the emails from your exchange server.
Edit: the following comment was just me having fun and in no way was intended to be offensive. I am a paranoid type. I refuse to use credit, debit, checks, or anything that can track my spending. I won't even let them scan my drivers license at any store.
Also paranoia is not bad just don't let it control your life or you will end up needing professional help.
Peace,
Love, and
Happiness
jlmancuso said: "Well to address one thing at a time. All questions should be asked under the rom thread or in q&a. Do not post questions in the development thread ever which is why there is a post requirement in the development section. If you go into the jellybread thread you will be allowed to ask questions. The development section is for roms and things of that nature not new threads about questions. Not being able to start a new thread has saved you from looking foolish and getting flamed by other users. Also I am not trying to be rude with my reply but only filling you in on how things work here on xda."
I understand that. I meant that I do not have the post count to post this question in the Jellybread thread on the development forum. Sorry to be unclear.
jlmancuso said: "Giving admin rights to exchange does not give the IT department the ability to wipe your phone or change your lock screen password. What it does do is allow the exchange server to keep all your business emails synchronized. If you delete an email from your laptop then the exchange server needs to be able to delete it from your phone. These admin rights you are so concerned about just allows exchange to read, write, and modify the emails from your exchange server."
So what does the first permission on the attached screenshot mean, then?
jlmancuso said: "Now to address your paranoid delusions. I suggest seeking professional help for that issue... Also paranoia is not bad just don't let it control your life or you will end up needing professional help."
Thanks for the warm welcome.
Oh wow that is a first, sorry about my reply, I will edit it. I have never seen that before. I suggest that you not use your personal phone for that account then. I have no clue why that would not have shown up on the stock rom. Like you said you might not have noticed it last time.
Peace,
Love, and
Happiness
Holy crap, that was deep, bro, hahahaha.

Phishing attempt (Guild Wars 2)

I received a phishing e-mail today to an address that I set up specifically for the xda-developers forum. I'm pretty sure I haven't given it to anyone else. Could there be a database leak?
"Greetings!
Due to an unusual change in your access pattern, the Guild Wars 2 account under this email address has been locked. This can be caused by logging in from a new location, but it may also signal an attempt to compromise your account. If you feel that your account's security is at risk, please follow the steps below.
Step 1: Verify Your Account Ownership
Click on the link below to verify your e-mail address of the Guild Wars 2 account: hxxps://account.guildwars2.com/account/login-support.html"
The link actually goes to hxxp://guildwars2.com.us-support.pw/?loginservice=wam&ref=0&app=bam (WARNING! COULD BE DANGEROUS)
There is a thread from a few months back that describes a similar situation. If I can find it I'll post a link.
Edit:
http://forum.xda-developers.com/showthread.php?t=1835116
Flagging the admin to check it out @bitpushr
Thank you,
mikef
XDA Senior Moderator
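
A defender-side check for the mismatch reported in this thread, where the displayed https link and the actual target differ, as an added example that is not part of the original posts. The message body uses constructed `.example` names shaped like the reported link, and `TRUSTED_HOSTS` is an assumed allowlist.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (reserved .example names), shaped like the reported mail:
# the visible text shows the real site over https, the href goes elsewhere.
SAMPLE_HTML = """
<p>Step 1: Verify Your Account Ownership</p>
<p><a href="http://game.example.us-support.example/?ref=0">
https://account.game.example/account/login-support.html</a></p>
<p><a href="https://account.game.example/help">Contact support</a></p>
"""
TRUSTED_HOSTS = {"game.example", "account.game.example"}  # assumed allowlist
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    host = urlsplit(url.strip()).hostname
    return host.lower().rstrip(".") if host else None


def audit_links(html, trusted_hosts):
    """Return one finding per link whose target contradicts what is displayed."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        reasons, target = [], host_of(href)
        shown = URL_RE.search(text)
        if shown and target:
            shown_url = shown.group(0)
            if host_of(shown_url) != target:
                reasons.append("display-host-mismatch")
            if (urlsplit(shown_url).scheme.lower() == "https"
                    and urlsplit(href.strip()).scheme.lower() == "http"):
                reasons.append("scheme-downgrade")
        if target and target not in trusted_hosts:
            # A trusted name used as the leading labels of some other domain.
            for name in sorted(trusted_hosts):
                inside = "." + name + "." in "." + target
                if inside and not target.endswith("." + name):
                    reasons.append("trusted-name-as-subdomain")
                    break
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML, TRUSTED_HOSTS):
        print(finding["href"], finding["reasons"])
```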

Can't login to account - Account doesn't exist

After migration to the new forum, I'm unable to log in to my old account and when I tried to reset password it says "The requested member could not be found."
My account username is "ojuniour"
Help me, Mods/Staffers
Contact Us | XDA Developers (www.xda-developers.com)
The account still exists.
ojuniour (forum.xda-developers.com)
I tried t
just tried that
[All XDA Members] Requests to Moderators and Admins
Rather than sending a PM to an individual Moderator, please feel free to ask questions in need of Moderator or Admin assistance. We will all be monitoring this thread, and someone will reply without much delay. In order to hopefully address some...
forum.xda-developers.com
