ATRAIN
11-15-2004, 11:53 AM
Found on TWL, would this be that big of concern to EA?
"I found a security leek in the way mohpa stores passwords.
MOHPA is online cdkey, and you need to register with EA games to play multiplayer (as you all know). So you make an account name and password, launch your game, save your password so you don't have to enter it everytime, and login to play some MP... everything is fine right? ... Wrong.
MOHPA logs your username and password ( unencrypted ) to your unnamedsoldier.cfg in Documents and Settings. You were worried about people getting a hold of your cdkey with a keystealer before? What happens now when someone writes a sniffer that will log your configs? Hope you aren't using the same password for your paypal (or anything else for that matter)."
"I found a security leek in the way mohpa stores passwords.
MOHPA is online cdkey, and you need to register with EA games to play multiplayer (as you all know). So you make an account name and password, launch your game, save your password so you don't have to enter it everytime, and login to play some MP... everything is fine right? ... Wrong.
MOHPA logs your username and password ( unencrypted ) to your unnamedsoldier.cfg in Documents and Settings. You were worried about people getting a hold of your cdkey with a keystealer before? What happens now when someone writes a sniffer that will log your configs? Hope you aren't using the same password for your paypal (or anything else for that matter)."