Silk Road forums
Support => Bug reports => Topic started by: MadScyentist on August 13, 2013, 07:05 pm
-
This issue did not occur with me, but a user on reddit is reporting that he was logged in to someone else's account.
I'm not sure if he/she reported it to you guys, but in an effort to be proactive and nip this bug, I wanted to let you guys know.
http://www.reddit.com/r/SilkRoad/comments/1kahg4/logged_in_to_another_users_account/
"So this just happened to me, and it's kind of off-putting. I opened my tor browser, loaded smoothly, but when it opened it told me "Sorry, you are not using Tor." This has never happened to me before, and this probably wasn't a good idea, but I go to my bookmarks, and click the SR Psychedelics bookmark. This usually takes me to the login page, but instead, I'm told I'm logged in as another user. Good thing a pin is required, because I'd have free rein over their bitcoin. Any explanation for this?"
-
The odds were so low for what is called a collision that it was overlooked, but indeed a collision occurred in this case. The chances of it happening were about 1 in 10e^26. That's 10 with 26 zeros. Anyway, forensics showed it was the only incidence and we've added a uniqueness check that will prevent this from happening again. I was actually suspicious when we had a bug-free release of the new system!
That guy should buy a lotto ticket if he still managed to make that happen even after it was apparently "fixed".
-
This seriously needs to be addressed; the bug went from being a 1 in 10^26 chance to happening TWICE in three weeks.
-
Where did the last thread about this go??
-
Where did the last thread about this go??
I believe you are referring to this:
http://dkn255hz262ypmii.onion/index.php?topic=193324.msg1446983#msg1446983
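
The collision and the added uniqueness check mentioned in the reply above, as an added example that is not part of the original thread or the site's code. It assumes the colliding value was a randomly generated session identifier (the thread does not say what collided); `SessionStore`, `issue`, `lookup` and `collision_probability` are hypothetical names.

```python
import math
import secrets


def collision_probability(n_ids, space_bits):
    """Birthday bound: chance that at least two of n_ids uniformly random
    identifiers drawn from 2**space_bits possible values are equal."""
    pairs = n_ids * (n_ids - 1) / 2
    return -math.expm1(-pairs / 2.0 ** space_bits)


class SessionStore:
    """Issues session identifiers and refuses to hand out one already in use."""

    def __init__(self, rng=secrets.token_hex, id_bytes=32, max_attempts=5):
        self._rng = rng              # callable(nbytes) -> str; CSPRNG by default
        self._id_bytes = id_bytes
        self._max_attempts = max_attempts
        self._sessions = {}          # session id -> account name
        self.collisions = 0          # with a sound CSPRNG this should stay at 0

    def issue(self, account):
        for _ in range(self._max_attempts):
            sid = self._rng(self._id_bytes)
            if sid not in self._sessions:      # the uniqueness check
                self._sessions[sid] = account
                return sid
            # A repeat here means the generator is weaker than assumed:
            # count it so it can be alerted on, then draw a fresh identifier.
            self.collisions += 1
        raise RuntimeError("could not allocate a unique session id")

    def lookup(self, sid):
        return self._sessions.get(sid)


if __name__ == "__main__":
    # Constructed numbers: one million live sessions in three identifier spaces.
    for bits in (32, math.log2(1e26), 256):
        print(f"{bits:6.1f} bits -> P(collision) = "
              f"{collision_probability(10**6, bits):.3e}")
```

In a multi-process deployment the check and the insert have to be a single atomic operation, for example a unique constraint on the session table, or two requests can still be given the same identifier.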