Security Bug Reporting

Question

Security Bug Reporting

Closed this issue 2 years ago · 3 comments

Describe the bug

A clear and concise description of what the bug is.
Please copy and paste or screenshot any error you received.

Hi, I've taken a look through the code upon discovering the game and identified a potential security flaw. Is there a secure channel through which I can report and discuss this?

How to reproduce the bug

Steps to reproduce the behaviour:

Start a new game
Enable a particular setting
…

Expected behaviour

A clear and concise description of what you expected to happen.

Answer 1 · 2022-04-14T17:36:20.000Z

Sure, you can email me at gareth@lattyware.co.uk, you can find my GPG public key (92A57AA673039A4491E6D80E5BDD8CFCA5F0551E) at https://keybase.io/latty to encrypt your message.

Answer 2 · 2022-04-14T17:53:05.000Z

Thank you very much! I'll be in touch soon.

Answer 3 · 2022-04-14T19:53:27.000Z

OK, this got discussed via email, so for context: I've determined this isn't a security risk. It related to game code secrecy, which isn't a primary goal for the project, while it could be improved, it at worst means someone joining your game when you don't want them to, which is annoying rather than a big problem, and can be solved using a game password.

I appreciate the report though, and it'd be nice to improve this at some point, just not a focus now. For now I'll close this issue.