#97992: "Secret cards from other player are leaked "
What is this report about?
What happened ? Please select from below
What happened ? Please select from below
Please check if there is already a report on the same subject
If yes, please VOTE for this report. Reports with the most votes are taken care of in PRIORITY!
| # | Status | Votes | Game | Type | Title | Last update |
|---|
Detailed description
• Please copy/paste the error message you see on your screen, if any.
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• Please explains what you wanted to do, what you do and what happened
Each time a player put a card on the mine, getting a hidden one, it is temporarily visible with the animation.• What is your browser?
Google Chrome v116
• Please copy/paste the text displayed in English instead of your language. If you have a screenshot of this bug (good practice), you can use Imgur.com to upload it and copy/paste the link here.
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• Is this text available in the translation system? If yes, has it been translated for more than 24 hours?
Each time a player put a card on the mine, getting a hidden one, it is temporarily visible with the animation.• What is your browser?
Google Chrome v116
• Please explain your suggestion precisely and concisely so that it's as easy as possible to understand what you mean.
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• What is your browser?
Google Chrome v116
• What was displayed on the screen when you were blocked (Blank screen? Part of the game interface? Error message?)
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• What is your browser?
Google Chrome v116
• Which part of the rules was not respected by the BGA adaptation
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• Is the rules violation visible on game replay? If yes, at which move number?
Each time a player put a card on the mine, getting a hidden one, it is temporarily visible with the animation.• What is your browser?
Google Chrome v116
• Which was the game action you wanted to do?
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• What do you try to do to trigger this game action?
Each time a player put a card on the mine, getting a hidden one, it is temporarily visible with the animation.• What happened when you try to do this (error message, game status bar message, ...)?
• What is your browser?
Google Chrome v116
• At which step of the game did the problem occurs (what was the current game instruction)?
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• What happened when you try to do a game action (error message, game status bar message, ...)?
Each time a player put a card on the mine, getting a hidden one, it is temporarily visible with the animation.• What is your browser?
Google Chrome v116
• Please describe the display issue. If you have a screenshot of this bug (good practice), you can use Imgur.com to upload it and copy/paste the link here.
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• What is your browser?
Google Chrome v116
• Please copy/paste the text displayed in English instead of your language. If you have a screenshot of this bug (good practice), you can use Imgur.com to upload it and copy/paste the link here.
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• Is this text available in the translation system? If yes, has it been translated for more than 24 hours?
Each time a player put a card on the mine, getting a hidden one, it is temporarily visible with the animation.• What is your browser?
Google Chrome v116
• Please explain your suggestion precisely and concisely so that it's as easy as possible to understand what you mean.
Secret cards from other players can be seen, because they are sent to the browsers of each player. This allows any cheater to get access to a lot of data (didn't check to which extent, but I suppose most of the stuff is accessible).
It is even leaked very shortly by some animations (that's how I got the idea to check).• What is your browser?
Google Chrome v116
Report history
I don't know if everything is accessible or only certain moves related to the mine (quick look at the Websocket frames makes me think that it is everything, but not sure yet : I didn't try to understand them fully).
Advice : a security check should be done for this game, and then probably a big refactoring, as any information not visible to a player should NOT be sent at all to this player, even if not displayed.
This is a violation of the rules of the game. It should not be possible for the opponent to see the replaced card.
imgur.com/a/2ILsd4n
Add something to this report
- Another table ID / move ID
- Did F5 solve the problem?
- Did the problem appears several time? Everytime? Randomly?
- If you have a screenshot of this bug (good practice), you can use Imgur.com to upload it and copy/paste the link here.
