Hello there,
it'd be good if there was some kind of confirmation code being sent from the bot before being able to sync your identity.
We've now had the case that users were entering other user's UUIDs to their forum account to get them to sync. This is a huge security flaw as they tried to use server admin UUIDs to get server admin permissions assigned to them.
So the workflow would look as following:
- User enters UUID
- A confirmation code gets sent to the user privately via the bot on TS3
- The user enters the confirmation code on the forums
- The sync gets saved
Thanks!
PS: This is how it looks in WBB.
it'd be good if there was some kind of confirmation code being sent from the bot before being able to sync your identity.
We've now had the case that users were entering other user's UUIDs to their forum account to get them to sync. This is a huge security flaw as they tried to use server admin UUIDs to get server admin permissions assigned to them.
So the workflow would look as following:
- User enters UUID
- A confirmation code gets sent to the user privately via the bot on TS3
- The user enters the confirmation code on the forums
- The sync gets saved
Thanks!
PS: This is how it looks in WBB.
Upvote
0
