Account security compromised

Questions and Answers : Preferences : Account security compromised

Author	Message
Bournecruncher Send message Joined: 30 May 99 Posts: 1 Credit: 1,770,548 RAC: 0	Message 20992 - Posted: 1 Sep 2004, 16:24:14 UTC
	It appears that boincstats.com not only has access to project data, but also to individual accounts. It publicly displays the BOINC Cross Platform Identifier (password), thus enabling any internet user to access and manipulate any BOINC/seti@home user account. How can this opening for possible abuse be plugged?
	ID: 20992 ·

Keck_Komputers Volunteer tester Send message Joined: 4 Jul 99 Posts: 1575 Credit: 1,382,922 RAC: 1,106	Message 21107 - Posted: 1 Sep 2004, 20:30:59 UTC
	The cross project ID is not your password allthough they are in the same format so it is easy to get confused. John Keck -- BOINCing since 2002/12/08 --
	ID: 21107 ·

Heffed Volunteer tester Send message Joined: 19 Mar 02 Posts: 1856 Credit: 40,736 RAC: 0	Message 21129 - Posted: 1 Sep 2004, 21:04:34 UTC
	Yes, the CPID is benign...
	ID: 21129 ·

paul milton Send message Joined: 24 Feb 03 Posts: 56 Credit: 73,265 RAC: 0	Message 22999 - Posted: 6 Sep 2004, 17:07:55 UTC - in response to Message 21107.
	> The cross project ID is not your password allthough they are in the same > format so it is easy to get confused. > John Keck -- BOINCing since 2002/12/08 -- <a> href="http://www.boinc.dk/index.php?page=user_statistics&project=sah&userid=138092"> > what password? last time i checkd the boinc account dosent have a password, and if it dose i must have missd that step!
	ID: 22999 ·

Vorik Volunteer tester Send message Joined: 29 May 02 Posts: 19 Credit: 53,206 RAC: 33	Message 23012 - Posted: 6 Sep 2004, 17:41:20 UTC Last modified: 6 Sep 2004, 22:17:51 UTC
	I think he means the account ID. That is what you need to change preferences. The cross project ID is something else.
	ID: 23012 ·

Questions and Answers : Preferences : Account security compromised