Jump to content
Download the PL Forum App!
** ELO Ratings are now back **
2024/25 Punters Lounge Fantasy Football League Sign-Up Now Open!

Passwords in Mansion

GaF

By GaF
in Poker

 Share

Recommended Posts

GaF

GaF

Posted
Posted

Not impressed - just clicked on Tournament Lobby in Mansion and IE opened with the following URL..... https://www.mansion.com/Content/Zulu/ShowFeature.aspx?view=tournamentinfo&user=******&pass=******* I've edited the asterisks in...... Although this is secure (https) the password was visible in the url bar - what this means is that the Mansion software (Presume it's a network issue rather than a site issue) is storing my password in memory, unencrypted (or at the very least, bi-directional encryption) - seems incredibly lax to me :unsure

Link to comment
Share on other sites
McG

McG

Posted
Posted

Re: Passwords in Mansion

Not impressed - just clicked on Tournament Lobby in Mansion and IE opened with the following URL..... https://www.mansion.com/Content/Zulu/ShowFeature.aspx?view=tournamentinfo&user=******&pass=******* I've edited the asterisks in...... Although this is secure (https) the password was visible in the url bar - what this means is that the Mansion software (Presume it's a network issue rather than a site issue) is storing my password in memory, unencrypted (or at the very least, bi-directional encryption) - seems incredibly lax to me :unsure
PLUS, I had to have letters, numbers and at least 1 symbol in my password "for additional protection":rollin
Link to comment
Share on other sites
GaF

GaF

Posted
  • Author
Posted

Re: Passwords in Mansion I'm surprised there hasn't been more reaction to this - I view it as quite a major issue :unsure Don't know if I'm overreacting :unsure Just to be clear - here's a screen print of what's happening (edited out of course) mansionpassgt6.gif I have searched my registry for the password as well as the contents of my hard drive, without finding it, so that's some comfort.... I dont have the "remember password" box ticked on login :unsure

Link to comment
Share on other sites
GaF

GaF

Posted
  • Author
Posted

Re: Passwords in Mansion It's not normal for anything to store passwords in such a way that they can be known - they are usually encrypted with a one way encryption method - one way meaning you can encrypt it, but cannot (in theory) decrypt it.... Even for something non financial like PL, the password database is stored with a one way encrytion algorythm - if someone forgets their pasword, we cannot find it, and we cannot tell them what it is - all we can do is set a new password.... For something that deals in financial information, I'm stunned that the program stores your password in such a way that it can access it.....if it's there it can be exploited...... I got onto live chat on Mansion earlier and they've passed it to their technical team - will post the response here :ok Have tried some other skins on the network, and the others dont seem to have the same issue - only Mansion so far seems to do it - however ultimately I'd view the issue with the whole network - if the mansion software can get ahold of your password, then it has to be available within the software for any of the skins.... Might post it up on 2plus2, they're pretty good at investigating this kind of thing, and have far better technical people than me who can get to the bottom of whether it's really an issue or not :unsure (Will wait for the reply from the Mansion technical team first)

Link to comment
Share on other sites
AJ

AJ

Posted
Posted

Re: Passwords in Mansion I do see your point, I'd not want it displayed on screen for security point of view, someone could shoulder surf me whilst logged in and get my passed. In terms of web security thouhgt, isn't it 128bt SSL or something, secure enough I'd guess ??

Link to comment
Share on other sites
GaF

GaF

Posted
  • Author
Posted

Re: Passwords in Mansion Within the browser, yes it's secure (https), and I dont think that's so much the issue ..... I'm more concerned that this shows that a decrypted/decryptable version of my password is available from my machine :unsure (and as you say, anyone who can see my screen)

Link to comment
Share on other sites
avongirl

avongirl

Posted
Posted

Re: Passwords in Mansion I've tried clicking on various options within Mansion (lobby options, my account, cashier....) and am not getting anything displaying my password or the address showing like GaF's screen. Maybe the problem is in the browser in use? (not that I know about these things. I'm on erm....BT Yahoo I think :$).

Link to comment
Share on other sites
Valiant23

Valiant23

Posted
Posted

Re: Passwords in Mansion

Within the browser' date=' yes it's secure (https), and I dont think that's so much the issue ..... I'm more concerned that this shows that a decrypted/decryptable version of my password is available from my machine :unsure (and as you say, anyone who can see my screen)[/quote'] How so? You make a request for information through the poker client(?) The poker client accesses the web site and requests the information to be shown through your browser(?) Its strange the way it does it but does the fact that your details are shown in the address bar mean that they are available from your machine without following the above process? :unsure
Link to comment
Share on other sites
GaF

GaF

Posted
  • Author
Posted

Re: Passwords in Mansion

I've tried clicking on various options within Mansion (lobby options' date=' my account, cashier....) and am not getting anything displaying my password or the address showing like GaF's screen. Maybe the problem is in the browser in use? (not that I know about these things. I'm on erm....BT Yahoo I think :$).[/quote'] Open a tournament lobby (Highlight a tournament, then click "Go to tournament" button), then click on "Tournament Info" - what do you get? (the url I showed, redirects after a few seconds)
Link to comment
Share on other sites
Sharpe1ne

Sharpe1ne

Posted
Posted

Re: Passwords in Mansion

That's where I go after the redirect :unsure Is anyone else seeing their password or is it just me? :unsure
Having had to click on cashier and try and catch the url at the top,yes it does show my password. Mind you with not being able to get tourny lobby's and having tons of trouble withdrawing from my account(i don't possess the card that i deposited with anymore and have no bank records to give them,i just can't get any money out of there,even though i put in a token £10 through Neteller i can't withdraw) then i just think there a set of useless gimboids.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...