rev6 is *******

[_SomeOne_]

rev6 is ..... dumb...
they just added secret questions.... to ACCs
they try to make joymax fix that bug...
and now they are helping hackers...
wtf?

[h33r0yuy]

questions, not answers... if you knew the acct you could go click forgot password and it'd ask you the question anyway.

[Wu]

holy crap you're right

[_SomeOne_]

questions, not answers... if you knew the acct you could go click forgot password and it'd ask you the question anyway.

yea thats what i said..... secret questions.. not secret answer........

[_SomeOne_]

ppl can type in random ids... like nick silkroad123 happyme ect,,
and get the SQ

[SpInKsTaR]

MAGICAL.....
It works

[Crumpets]

Even if it's just the answer, rev6 is now raiding people's privacy.

**** Nimble seriously.

[Wheres Waldo?]

Just dont go there? =/

[h33r0yuy]

https://www.joymax.com/portal/Joymax_Fr ... oymax.com/

go here. type any id you want, click ok!, and it shows the question.



rev6 isnt providing any info that you cant find from jm's site with that feature.

however, i dont get why that exists if you can do the same thing from jm's site.

[_SomeOne_]

Just dont go there? =/

they take it from ingame... not from the site

[SpInKsTaR]

Yeah....uhh wtf....
Why would Joymax do that....You just put in the username and it comes up with the "SECRET" Question...

Joymax is extremely strange :S

[h33r0yuy]

the question isnt secret, the answer is. the purpose of the question is to ask it to anyone who wants to access your account password, to make sure its you.

the question was never hidden...

[_SomeOne_]

the question isnt secret, the answer is. the purpose of the question is to ask it to anyone who wants to access your account password, to make sure its you.

the question was never hidden...

then tell me ur question.. lol thought so

[h33r0yuy]

my question is "your high school"

reason i can say that is simply that, in order for you to hack my account, you would need my account id. if you had my account id, you could get my question anyway. dont need to bother hiding it, now do i?

[_SomeOne_]

my question is "your high school"

reason i can say that is simply that, in order for you to hack my account, you would need my account id. if you had my account id, you could get my question anyway. dont need to bother hiding it, now do i?

u sure its not birthplace .. lol

[Nyte]

the question isnt secret, the answer is. the purpose of the question is to ask it to anyone who wants to access your account password, to make sure its you.

the question was never hidden...

then tell me ur question.. lol thought so

My answer is never related to the question in anyway whats so ever so doesn't matter Who ever does put a real related answer to their question is plain stupid.

[h33r0yuy]

my question is "your high school"

reason i can say that is simply that, in order for you to hack my account, you would need my account id. if you had my account id, you could get my question anyway. dont need to bother hiding it, now do i?

u sure its not birthplace .. lol

im sure.

[_SomeOne_]

my question is "your high school"

reason i can say that is simply that, in order for you to hack my account, you would need my account id. if you had my account id, you could get my question anyway. dont need to bother hiding it, now do i?

u sure its not birthplace .. lol

im sure.

i think i no ur id lol

[h33r0yuy]

oh, and just for fun...


go to http://www.worldofwarcraft.com/loginsup ... sword.html, put in anyone's wow id, and it tells you their secret question.


that would be the purpose of the question........

[darkmaster21]

I'm not entering my ID in there, they might have a log of all the ID's entered. Then bruteforce the account.

[h33r0yuy]

ie why i didnt stick my id into rev6, lol

[_SomeOne_]

nvm.... joymax.com has the same thing...
JM is dumb aswell

[_SomeOne_]

ie why i didnt stick my id into rev6, lol

can i guess ur ID on here?

[BryaN]

Lol you still neeed ID but joymax omg comeon...!!!

[h33r0yuy]

seriously guys, why is it dumb for a site to use the secret question for its intended purpose?


the secret question is used in this way: if you forget your password, you put in your id, it asks a question. once you put in the answer to the question (and a lot of places that use secret questions/answers also ask for email address), it sends you an email to change your password.

if it didnt ask the question when provided the acct id, how would that system work?

ie why i didnt stick my id into rev6, lol

can i guess ur ID on here?

id rather the topic of guessing my id stop before it starts, thx.


in case you didnt know, this same system has been in use by lots of sites and games for years... how is it suddenly that some 3rd party site is providing info you can get in 10 seconds suddenly makes it a security breach?

fyi: im not defending rev6, im defending jm (yes, i would) because this is a totally ridiculous argument saying that its a security hole of any sort...

[Sylhana]

As long as your secret answer is not revealed, I fail to see how this would be much of a security flaw.

[darkmaster21]

As long as your secret answer is not revealed, I fail to see how this would be much of a security flaw.

Same here, everyone in going crazy for no reason. Any website reveals the Secret Question...how else would you know what to answer to obtain your password you forgot?

[_SomeOne_]

well remeber the expliot alll u needed is the ID and SQ right... so if u knew the ID and u find out the SQ and if ur SQ is easy then ur .....?

[Wheres Waldo?]

U guys get paranoid to easy..... its a security thing... chill out


~~~~ Magni

[h33r0yuy]

well remeber the expliot alll u needed is the ID and SQ right... so if u knew the ID and u find out the SQ and if ur SQ is easy then ur .....?

a. the exploit doesnt work anymore.

b. you need the ANSWER, not the question. youve been able to know a SQ for years if you knew the id...