Announcement

Collapse
No announcement yet.

[WARNING] Use a **THROWAWAY PASSWORD** for **EVERYTHING** that connects to GT servers

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [WARNING] Use a **THROWAWAY PASSWORD** for **EVERYTHING** that connects to GT servers

    Why is the title so overexaggerated? It's not, I am being serious.

    Growtopia sends login information IN PLAIN TEXT which is EXTREMELY BAD for security, as anyone could SPOOF the Growtopia IP to link to their own server which steals the login credentials and redirects you to real growtopia servers. (Usually a modified client) Also, to add insult to injury, the Growtopia servers send back the login information (username & password) wherein the username is changed to the correct case (you might have noticed that when you typed your name in lowercase, it changes to an uppercase name once you log on). The Growtopia client has NO way of changing JUST the username, so a password needs to be supplied, too.

    Running a modded game proxy could also cause such issues, as the proxy resends the logon packet to real growtopia servers.
    Last edited by pannenkoek2012; 07-15-2020, 09:44 AM.

  • #2
    source? .
    pet egg. eggie boi. it him.

    road to 1 blue gem lock - 3/100dls
    level 125 - 33/125

    Comment


    • #3
      This thread already addresses the issue and received a reply from NekoRei. I am no security expert, so take it for what you see.
      Originally posted by tson
      *** concentrated yeast hell no i didnt eat that ****
      Just finished transcribing this…deliberating on whether or not to adapt it into Growtopia.
      The answer is yes and at NOTE63.

      Contact Info:

      Comment


      • #4
        I am not talking about the serversided stuff, that is fine. What isn't, is the password transferring between client and server upon login.
        Last edited by pannenkoek2012; 07-15-2020, 09:45 AM.

        Comment


        • #5
          Idk what to change my password to...

          Give me some ideas!
          [MVP++] GhastK [G]




          Instagram
          wait.. this isn't hypixel

          Comment


          • #6
            Originally posted by GHAST View Post
            Idk what to change my password to...

            Give me some ideas!
            justinbieberlover69

            ░▒▓███████▓▒░
            ▷▷Retired poster◁◁
            ░▒▓███████▓▒░
            ┅⊏⧖⊐┅
            https://youtu.be/wJZjZyuHJFY

            Comment


            • #7
              Originally posted by GHAST View Post
              Idk what to change my password to...

              Give me some ideas!
              I hope you don't change your password to any of the given ideas, they will try and hack you possibly.

              Comment


              • #8
                End to end encryption is the way to go, it would also destroy private servers and i hope they do something about this.

                Comment

                Working...
                X