Tapatalk security issue

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
rajpb
Registered User
Posts: 27
Joined: Sat Mar 24, 2018 11:12 pm

Tapatalk security issue

Post by rajpb » Sat Apr 21, 2018 7:34 am

There is big security issue with tapatalk. Anyone can read any PM.
I know that phpbb.com does not suport tapatalk but there are many phpbb forums with tapatalk plugin on.
You must have account in phpbb forum with tapatalk.
Next take link to PM on this forum and copy it to mail or chat in tapatalk.
Link like this ucp.php?i=pm&mode=view&p=2105316
On the phone/tablet, run the link in the tapatalk app.
When You change pm id in link (p=....), You can see any PM in this forum.

I made two security tickets on the tapatalka page, at first (I made it on the second of April) I did not even get an answer or ticket number. After second (two weeks later) they asked for additional information, but still they did not even give me a ticket number.

I was tested it in 2 different phpbb forums, in one there was phpbb 3.2.2 and tapatalk plugin 2.0.8 - both newest ones.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 20008
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: Tapatalk security issue

Post by Mick » Sat Apr 21, 2018 7:41 am

The best piece of advice is don’t use tapatalk, there are too many security bugs with it as can clearly be seen by the dozens of complaints about it on here. In any case, I don’t see the need for it.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

Swanny
Registered User
Posts: 423
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Tapatalk security issue

Post by Swanny » Mon May 07, 2018 7:44 pm

I was able to duplicate this issue. Indeed I could craft a link and read multiple PM's. Completely unacceptable. Disabling TT immediately and will contact TT.

LaxSlash1993
Registered User
Posts: 178
Joined: Sat Sep 22, 2012 2:20 am

Re: Tapatalk security issue

Post by LaxSlash1993 » Mon May 07, 2018 8:07 pm

Has a CVE entry been filed against it yet?

User avatar
</Solidjeuh>
Registered User
Posts: 971
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Tapatalk security issue

Post by </Solidjeuh> » Mon May 07, 2018 8:30 pm

Over a few years there where many many many messages here on phpBB.com about tapatalk, all about that it's a piece of sh**. So I really wonder why people are still using it ???
Wij promoten UW muziek in ons forum & delen alles via Sociale media!
Muziek wordt ook toegevoegd in de playlist van
textradio.be!
Mail uw single + hoesje + info naar: info@muziekpromo.net of Solidjeuh@textradio.be
===============
Onze Website: https://www.muziekpromo.net

Swanny
Registered User
Posts: 423
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Tapatalk security issue

Post by Swanny » Mon May 07, 2018 8:57 pm

LaxSlash1993 wrote:
Mon May 07, 2018 8:07 pm
Has a CVE entry been filed against it yet?
I don't know what that means.
Froddelaar wrote:
Mon May 07, 2018 8:30 pm
Over a few years there where many many many messages here on phpBB.com about tapatalk, all about that it's a piece of sh**. So I really wonder why people are still using it ???
Because users rage at me when I turn it off. And traffic drops. It is a piece of shit, I agree. But users love it.

User avatar
3Di
Registered User
Posts: 12899
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Tapatalk security issue

Post by 3Di » Mon May 07, 2018 9:21 pm

Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades
My development's activity º PhpStorm's proud user

rajpb
Registered User
Posts: 27
Joined: Sat Mar 24, 2018 11:12 pm

Re: Tapatalk security issue

Post by rajpb » Tue May 08, 2018 6:22 am

LaxSlash1993 wrote:
Mon May 07, 2018 8:07 pm
Has a CVE entry been filed against it yet?
no

User avatar
Ger
Recognised Extension Developer
Posts: 1678
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: Tapatalk security issue

Post by Ger » Tue May 08, 2018 11:13 am

Swanny wrote:
Mon May 07, 2018 8:57 pm
Because users rage at me when I turn it off.
You might want to explain to them that if you turn it back on, their PM's will be visible for the world. And also explain that phpBB has been responsive for quite some years now and how they can create a shortcut from their homescreen.
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

kamyk25
Registered User
Posts: 9
Joined: Tue May 08, 2018 12:27 am

Re: Tapatalk security issue

Post by kamyk25 » Tue May 08, 2018 3:18 pm

Taptalk have many gaps for example it not work with cloudflare. I really dont like this app I prefer to give users nice responsive style to use on phones, but they like to use taptalk so I have to keep this app. :(

User avatar
Ger
Recognised Extension Developer
Posts: 1678
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: Tapatalk security issue

Post by Ger » Tue May 08, 2018 5:40 pm

kamyk25 wrote:
Tue May 08, 2018 3:18 pm
Taptalk have many gaps for example it not work with cloudflare. I really dont like this app I prefer to give users nice responsive style to use on phones, but they like to use taptalk so I have to keep this app. :(
Do they also like to have their private messages public?
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

Swanny
Registered User
Posts: 423
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Tapatalk security issue

Post by Swanny » Tue May 08, 2018 7:26 pm

kamyk25 wrote:
Tue May 08, 2018 3:18 pm
Taptalk have many gaps for example it not work with cloudflare. I really dont like this app I prefer to give users nice responsive style to use on phones, but they like to use taptalk so I have to keep this app. :(
It works fine with Cloudflare, I've been doing that for quite a while. At most you'd have to setup a page rule to exclude the /mobiquo/ and /ext/tapatalk/ folders in CF.

Swanny
Registered User
Posts: 423
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Tapatalk security issue

Post by Swanny » Tue May 08, 2018 7:26 pm

UPDATE: Tapatalk got back to me within a day. Good news:
MAY 08, 2018 | 07:12AM UTC
Summer replied:
Hello,
Thank you for contacting Tapatalk!
This is a known issue and we’ve fixed it.
And we plan to release the new version on this week.
Please watch the change-log for your forum platform and update accordingly:
https://www.tapatalk.com/groups/tapatal ... -s110.html

Apologize for the inconvenience. Let us know if you have any questions.

Regards,
Tapatalk Support Team
Tapatalk is still a huge piece of shit so I won't turn it back on right away. I'll wait and see if anyone rages for a few weeks and again evaluate traffic levels.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 20008
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: Tapatalk security issue

Post by Mick » Wed May 09, 2018 7:09 am

Ger wrote:
Tue May 08, 2018 11:13 am
You might want to explain to them that if you turn it back on, their PM's will be visible for the world. And also explain that phpBB has been responsive for quite some years now and how they can create a shortcut from their homescreen
Basically this, you set the rules not the users.👍🏼

Does tapatalk still have the issue of making all new users moderators?
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

User avatar
Wes of StarArmy
Registered User
Posts: 288
Joined: Fri Mar 04, 2005 2:59 am
Location: StarArmy.com
Contact:

Re: Tapatalk security issue

Post by Wes of StarArmy » Thu May 10, 2018 1:21 pm

I have two+ Tapatalk forums because Tapatalk bought Network54 and Yuku (was ezBoard) and I'm currently looking into ways to get my databases out of their clutches. Hearing about security issues like this just makes it more urgent. Might just end up using some sort of scraper to get my content then disable the Tapatalk boards.

I never asked to be one of their users. :(

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: No registered users and 42 guests