Page 2 of 3

Re: Tapatalk security issue

Posted: Fri May 25, 2018 4:32 pm
by Swanny
So they released an updated version: https://www.tapatalk.com/groups/tapatal ... -s120.html

No specific mention of fixing the bug, probably because they don't want to publicly admit that they had this MAJOR security flaw.

Who wants to be the guinea pig and install the new version to see if it's fixed. I'm going to wait and see because I hate Tapatalk.

So I've had Tapatalk turned off now for nearly 3 weeks and I gotta say no one complained yet. Posting slowed down slightly but barely noticeable. There are less users on the forum but many people are still finding the site through Google.

Re: Tapatalk security issue

Posted: Sat May 26, 2018 10:37 am
by Mick
Please don’t encourage people to use third party software especially when it’s faulty. This software failed phpBB approval years ago and since then they have not resubmitted supposedly because they can’t fix it.

Re: Tapatalk security issue

Posted: Tue Aug 18, 2020 3:03 pm
by ssl
Hi
What about the new version of Tapatalk?
https://www.tapatalk.com/groups/tapatal ... ml#p244538

Re: Tapatalk security issue

Posted: Tue Aug 18, 2020 3:05 pm
by david63
ssl wrote:
Tue Aug 18, 2020 3:03 pm
What about the new version of Tapatalk?
What about it? Does it now work with extensions.

Re: Tapatalk security issue

Posted: Tue Aug 18, 2020 3:07 pm
by ssl
I just installed it on a test forum in version 3.3.1, yes everything seems to work
 

Re: Tapatalk security issue

Posted: Tue Aug 18, 2020 4:15 pm
by HiFiKabin
Just remember that (as per this topic title) there have been security issues with TAPATALK in the past and if you decide to use it, it is AT YOUR OWN RISK and we can not offer support for TAPATALK on phpbb.com

Re: Tapatalk security issue

Posted: Tue Aug 18, 2020 4:22 pm
by ssl
I know, but my question concerns security precisely, in order to know if there is any improvement with this new version.

Re: Tapatalk security issue

Posted: Tue Aug 18, 2020 5:43 pm
by Lumpy Burgertushie
tapatalk is the only one that knows how it works or doesn't


robert

Re: Tapatalk security issue

Posted: Tue Aug 18, 2020 9:21 pm
by Swanny
ssl wrote:
Tue Aug 18, 2020 4:22 pm
I know, but my question concerns security precisely, in order to know if there is any improvement with this new version.
When I used Tapatalk in the past they knowingly did not fix security issues. I found out one extremely bad bug that I notified them and they didn't fix it and so I disabled TT completely. It allowed any user to view any private message. Is that fixed? Who knows, I don't care anymore.

Re: Tapatalk security issue

Posted: Tue Aug 18, 2020 9:27 pm
by ssl
When I go to private messages with a user account, I only see the PMs of this account

Re: Tapatalk security issue

Posted: Wed Aug 19, 2020 1:30 am
by Swanny
ssl wrote:
Tue Aug 18, 2020 9:27 pm
When I go to private messages with a user account, I only see the PMs of this account
That's not the point. Scroll to the first post in this thread.

Re: Tapatalk security issue

Posted: Wed Aug 19, 2020 6:55 am
by ssl
Well this seems to be solved, by pasting the link of a PM in a message only members concerned by this PM can access it.

For the others


Image

Re: Tapatalk security issue

Posted: Wed Aug 19, 2020 7:49 am
by Paul
That specific security issue might been solved, but I have seen multiple in the past in their code. Giving a quick look at their code (Which gives me personally a instant headache), it shows that they don't follow any of the phpBB extension policies or coding guidelines, and most definitly won't pass any extension validation without a major rewrite.
They also disable specific security features in phpBB, which a extension never should do.

Re: Tapatalk security issue

Posted: Wed Aug 19, 2020 9:06 am
by ssl
Thanks Paul

Re: Tapatalk security issue

Posted: Wed Aug 19, 2020 9:23 am
by rajpb
They fixed this issue a few months after my first post.
BUT
They never officially admitted that they had any problem with it. I have never kept an official security ticket acknowledgment. With this approach, you never know what mistakes they are hiding.

When i disabled tapatalk in my forum tons of users wanted my head. There was a lot of hysteria and screaming.
For many of them, such a security problem was not of serious concern.
I will never turn on this plugin again, because I would probably have to go through it again in a while.