account creation will be re-enabled sometime soon i promis
Kingword Leaks: Difference between revisions
No edit summary |
|||
Line 6: | Line 6: | ||
'''Kingword:''' JY736!#2##92 | '''Kingword:''' JY736!#2##92 | ||
'''Description''' - | '''Description''' - Donutscout discovers a vulnerability related to the Error Feedback window, which was then used to leak Jy's setting ls, which included the kingword, causing the leak. | ||
'''Action taken''' - Jy demoted. | '''Action taken''' - Jy initially demoted and then reinstated as king after the vulnerability was proven. | ||
=== Godmode leak (March 6, 2024) === | === Godmode leak (March 6, 2024) === | ||
'''Godword:''' Gdansk240409 | '''Godword:''' Gdansk240409 |
Revision as of 12:21, 20 July 2024
This article provides descriptions of the times the administrative passwords (called "kingword" and "godword") were revealed to the public, or notable false positives, and the action taken to correct them. The list will be ordered from newest to oldest.
Leaks
Jy leak (July 20, 2024)
Kingword: JY736!#2##92
Description - Donutscout discovers a vulnerability related to the Error Feedback window, which was then used to leak Jy's setting ls, which included the kingword, causing the leak.
Action taken - Jy initially demoted and then reinstated as king after the vulnerability was proven.
Godmode leak (March 6, 2024)
Godword: Gdansk240409
Description - Due to a hasty FTP transfer, the settings file was accidentally placed in the frontend folder which granted everyone access to all server settings. The godword and the now obsolete kingword (read below) were both stored in plaintext. This was the most severe leak thanks to all the IP leaks made possible by the IP mute feature.
Action taken - Godword changed and administrative passwords will be hashed from BonziWORLD 7.0.0 and onwards. Entirely new systems of authentication are open to consideration.
HogFear leak (February 21, 2024)
Kingword: HogFear2024
Description - The kingword was leaked due to unknown causes, it's suspected that a moderator did it but it could be due to the above data breach, as the date of the FTP transfer that caused it was unknown.
Action taken - Kingwords were made unique for every moderator. The new unique kingwords are not stored in the server settings file.
"MR JEW" fake leak (February 13, 2024)
Kingword: URGHABUJISTAN782
Description - False positive caused by a trial-king who also requested the demotion of a different king.
Action taken - MR JEW demoted.
"GOTH" leak (January 22, 2024)
Kingword: JabbaGod27
Description - GOTH was likely Moon Man, a BonziWORLD king, under a fake identity to leak the kingword. This has not been fully confirmed.
Action taken - Moon Man demoted (repromoted at the time of this edit). Kingword changed.
"Rapefuck" word (2023?)
Not much is known with this kingword, however it was from the Bonzi.ga days and might have been leaked somewhere in 2023 by Jabba. This was found by donutscout (or BlockofShize).
Unless there is proper proof, this is unconfirmed.