iplay accounts have the feature that you can change the password while logged in, without knowing the current password. it's pretty obvious that a few people here, cough http://filesharingtalk.com/vb3/f-bittorrent-invites-90/t--old-iplay--215342
cough and others are scamming people using this security bug. however, if you want to try your luck, go ahead, but you have been warned.

how does the guy login in the first place if he doesn't have the password?

how does the guy login in the first place if he doesn't have the password?

I think he ment that I can get my account back even after I traded it :D

how does the guy login in the first place if he doesn't have the password?

Guy a has login & pwd (x & y)
Guy a gives details to Guy b (x & y)
Guy a remains forever logged in though (easy to do on a seedbox)
Guy b has the account, logs in and changes password, uses account for 2 or 3 days, nothing strange
Guy a (remember is still logged in - changes details, (doesn't need new password from guy b)
Guy b logs out, comes back - can't log in
Guy a now has total control of the account again, and says sorry to guy b, must have been disabled
Guy a runs off laughing

instead, it has a password change hint & answer set. you can reset it in your profile page.

that is a security flaw,

I know he means that, its the changing password without knowing the current pw that doesn't make sense.
How did they gain access in the first place if they don't know the original pw?

The original owner is a scammer! :angry:

I know he means that, its the changing password without knowing the current pw that doesn't make sense.
How did they gain access in the first place if they don't know the original pw?

Because they traded it between themselves such as say czone for iplay.

how does the guy login in the first place if he doesn't have the password?

Guy a has login & pwd (x & y)
Guy a gives details to Guy b (x & y)
Guy a remains forever logged in though (easy to do on a seedbox)
Guy b has the account, logs in and changes password, uses account for 2 or 3 days, nothing strange
Guy a (remember is still logged in - changes details, (doesn't need new password from guy b)
Guy b logs out, comes back - can't log in
Guy a now has total control of the account again, and says sorry to guy b, must have been disabled
Guy a runs off laughing

It's kinda strange, because guy B still have the authentication cookie and can login and change password just the same.

Just dont trade accounts and you have no problems in the first place. Period.





Guy a has login & pwd (x & y)
Guy a gives details to Guy b (x & y)
Guy a remains forever logged in though (easy to do on a seedbox)
Guy b has the account, logs in and changes password, uses account for 2 or 3 days, nothing strange
Guy a (remember is still logged in - changes details, (doesn't need new password from guy b)
Guy b logs out, comes back - can't log in
Guy a now has total control of the account again, and says sorry to guy b, must have been disabled
Guy a runs off laughing

It's kinda strange, because guy B still have the authentication cookie and can login and change password just the same.
And then guy A logs in and changes it again - and this goes on in an infinite loop till the end of the world... :D:D

And may be guy A is a nice trusted guy and he wont do that ... :D

Does this only works on iplay?

i know it works on iplay because i was scammed, and i believe there is a thread up now that is going to scam people.... most sites i know require the current password.

Just dont trade accounts and you have no problems in the first place. Period.




It's kinda strange, because guy B still have the authentication cookie and can login and change password just the same.
And then guy A logs in and changes it again - and this goes on in an infinite loop till the end of the world... :D:D

funny of you to say that.