Discord introduced logging in via QR code, possible to exploit
Discord introduced logging in via QR code, possible to exploit #1
Discord recently introduced logging in via QR code, which is pretty handy when the desktop version randomly decides to log you out.
However, as you may have noticed, a small exploit exists: a person can create a QR code and trick someone else into scanning it; this way that person would get full access to the victim's account.

[Pikami's fun tips]
For people using Discord: NEVER and I mean NEVER scan a QR code for Discord-related gifts or prizes, including Nitro giveaways, through the Discord mobile app, EVER.
You are NOT redeeming the "prize", you're giving someone FULL access to your account, regardless of 2FA. Until Discord adds a notice to their app, you'll have to be extremely cautious about this.
For server owners: Please inform your members and staff about this feature to avoid spam/server takeover.
For the black-hats out there: (the mentioned timing values are taken at the time of writing and might change)
  • The QR code is present on the login page of Discord.
  • You have to keep the page open for the QR code to be valid since a heart-beat packet is sent roughly every 41 seconds.
  • The QR code is only valid for 2 minutes, so you need to keep updating it until someone scans it.
(This post was last modified: 01-12-2020, 11:28 PM by Pikami.)


Discord introduced logging in via QR code, possible to exploit #2
Gimmicky thing to implement, made worse by the security implications. Thankfully I don't know anyone that would scan a QR code.

Discord: Oni#6099
Skype: oni_sl
Steam: Oni | SL

RE: Discord introduced logging in via QR code, possible to exploit #3
Quote: You are NOT redeeming the "prize", you're giving someone FULL access to your account
This comes as no surprise.

I've never scanned a QR code, and never will in any capacity.
Thanks for the heads-up.

DlSCORD introduced logging in via QR code, possible to exploit #4
It's kind of weird why you would even try to redeem a nitro code in the first place if you scan a QR code to redeem nitro. Nitro doesn't even come in a QR code.
“The saddest thing about betrayal is that it never comes from enemies, it comes from those you trust the most.”— XXXTENTACION


RE: Discord introduced logging in via QR code, possible to exploit #5
(01-13-2020, 02:37 PM)XXXTENTAClON Wrote: It's kind of weird why you would even try to redeem a nitro code in the first place if you scan a QR code to redeem nitro. Nitro doesn't even come in a QR code.

I can't see any of our members falling for this personally, but there are always exceptions. Mainly because Nitro is given via inline messaging already.

RE: Discord introduced logging in via QR code, possible to exploit #6
I've never used QR codes for anything, but I do feel that this is a fine example of making something easier to use with a gimmick that compromises security.