Tapatalk security issue

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Anti-Spam Guide
rajpb
Registered User
Posts: 34
Joined: Sat Mar 24, 2018 11:12 pm

Tapatalk security issue

Post by rajpb »

There is big security issue with tapatalk. Anyone can read any PM.
I know that phpbb.com does not suport tapatalk but there are many phpbb forums with tapatalk plugin on.
You must have account in phpbb forum with tapatalk.
Next take link to PM on this forum and copy it to mail or chat in tapatalk.
Link like this ucp.php?i=pm&mode=view&p=2105316
On the phone/tablet, run the link in the tapatalk app.
When You change pm id in link (p=....), You can see any PM in this forum.

I made two security tickets on the tapatalka page, at first (I made it on the second of April) I did not even get an answer or ticket number. After second (two weeks later) they asked for additional information, but still they did not even give me a ticket number.

I was tested it in 2 different phpbb forums, in one there was phpbb 3.2.2 and tapatalk plugin 2.0.8 - both newest ones.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26503
Joined: Fri Aug 29, 2008 9:49 am

Re: Tapatalk security issue

Post by Mick »

The best piece of advice is don’t use tapatalk, there are too many security bugs with it as can clearly be seen by the dozens of complaints about it on here. In any case, I don’t see the need for it.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
Swanny
Registered User
Posts: 486
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Tapatalk security issue

Post by Swanny »

I was able to duplicate this issue. Indeed I could craft a link and read multiple PM's. Completely unacceptable. Disabling TT immediately and will contact TT.
LaxSlash1993
Registered User
Posts: 182
Joined: Sat Sep 22, 2012 2:20 am

Re: Tapatalk security issue

Post by LaxSlash1993 »

Has a CVE entry been filed against it yet?
User avatar
</Solidjeuh>
Registered User
Posts: 1788
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Tapatalk security issue

Post by </Solidjeuh> »

Over a few years there where many many many messages here on phpBB.com about tapatalk, all about that it's a piece of sh**. So I really wonder why people are still using it ???
Swanny
Registered User
Posts: 486
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Tapatalk security issue

Post by Swanny »

LaxSlash1993 wrote: Mon May 07, 2018 8:07 pm Has a CVE entry been filed against it yet?
I don't know what that means.
Froddelaar wrote: Mon May 07, 2018 8:30 pm Over a few years there where many many many messages here on phpBB.com about tapatalk, all about that it's a piece of sh**. So I really wonder why people are still using it ???
Because users rage at me when I turn it off. And traffic drops. It is a piece of shit, I agree. But users love it.
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Tapatalk security issue

Post by 3Di »

🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
rajpb
Registered User
Posts: 34
Joined: Sat Mar 24, 2018 11:12 pm

Re: Tapatalk security issue

Post by rajpb »

LaxSlash1993 wrote: Mon May 07, 2018 8:07 pm Has a CVE entry been filed against it yet?
no
User avatar
Ger
Registered User
Posts: 2108
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: Tapatalk security issue

Post by Ger »

Swanny wrote: Mon May 07, 2018 8:57 pm Because users rage at me when I turn it off.
You might want to explain to them that if you turn it back on, their PM's will be visible for the world. And also explain that phpBB has been responsive for quite some years now and how they can create a shortcut from their homescreen.
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:

-Don't PM me for support-
kamyk25
Registered User
Posts: 22
Joined: Tue May 08, 2018 12:27 am

Re: Tapatalk security issue

Post by kamyk25 »

Taptalk have many gaps for example it not work with cloudflare. I really dont like this app I prefer to give users nice responsive style to use on phones, but they like to use taptalk so I have to keep this app. :(
User avatar
Ger
Registered User
Posts: 2108
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: Tapatalk security issue

Post by Ger »

kamyk25 wrote: Tue May 08, 2018 3:18 pm Taptalk have many gaps for example it not work with cloudflare. I really dont like this app I prefer to give users nice responsive style to use on phones, but they like to use taptalk so I have to keep this app. :(
Do they also like to have their private messages public?
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:

-Don't PM me for support-
Swanny
Registered User
Posts: 486
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Tapatalk security issue

Post by Swanny »

kamyk25 wrote: Tue May 08, 2018 3:18 pm Taptalk have many gaps for example it not work with cloudflare. I really dont like this app I prefer to give users nice responsive style to use on phones, but they like to use taptalk so I have to keep this app. :(
It works fine with Cloudflare, I've been doing that for quite a while. At most you'd have to setup a page rule to exclude the /mobiquo/ and /ext/tapatalk/ folders in CF.
Swanny
Registered User
Posts: 486
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Tapatalk security issue

Post by Swanny »

UPDATE: Tapatalk got back to me within a day. Good news:
MAY 08, 2018 | 07:12AM UTC
Summer replied:
Hello,
Thank you for contacting Tapatalk!
This is a known issue and we’ve fixed it.
And we plan to release the new version on this week.
Please watch the change-log for your forum platform and update accordingly:
https://www.tapatalk.com/groups/tapatal ... -s110.html

Apologize for the inconvenience. Let us know if you have any questions.

Regards,
Tapatalk Support Team
Tapatalk is still a huge piece of shit so I won't turn it back on right away. I'll wait and see if anyone rages for a few weeks and again evaluate traffic levels.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26503
Joined: Fri Aug 29, 2008 9:49 am

Re: Tapatalk security issue

Post by Mick »

Ger wrote: Tue May 08, 2018 11:13 amYou might want to explain to them that if you turn it back on, their PM's will be visible for the world. And also explain that phpBB has been responsive for quite some years now and how they can create a shortcut from their homescreen
Basically this, you set the rules not the users.👍🏼

Does tapatalk still have the issue of making all new users moderators?
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
Wes of StarArmy
Registered User
Posts: 291
Joined: Fri Mar 04, 2005 2:59 am
Location: StarArmy.com
Contact:

Re: Tapatalk security issue

Post by Wes of StarArmy »

I have two+ Tapatalk forums because Tapatalk bought Network54 and Yuku (was ezBoard) and I'm currently looking into ways to get my databases out of their clutches. Hearing about security issues like this just makes it more urgent. Might just end up using some sort of scraper to get my content then disable the Tapatalk boards.

I never asked to be one of their users. :(
Post Reply

Return to “phpBB Discussion”