Angrymoleratsbaggle Posted January 2, 2021 Share Posted January 2, 2021 I posted this in the AtariVCS subreddit, thought some here would find it interesting. Well digging around trying to add some open source games to the Dashboard I found that the account info is stored in plain text in a json file. The file is located at /home/user/.config/unity3d/Atari/Dashboard/Production/GameDoc/LocalDB/Session.json I found it using a Fedora live disk, on Fedora its mounted in /run/media/liveuser/storage instead of /home It includes email, pin, password, nick name, and date of birth. It appears the password is something generated and used for creating an authorization token for the store. The token is also listed in the file. The Session.json file appears to store the info for anyone with an account on the system. 2 1 Quote Link to comment Share on other sites More sharing options...
justclaws Posted January 2, 2021 Share Posted January 2, 2021 I suggest you prevent the console from being stolen, in that case. ? Thank goodness for SSL, in regard to communication with the server. I believe that information is per-console, though? I don't know yet if it's possible to login to another console with account details from another machine. I think accounts are local at this time. I am looking forward to looking more deeply into the differences between AtariOS versions as they come along, if it's still possible. Quote Link to comment Share on other sites More sharing options...
CPUWIZ Posted January 3, 2021 Share Posted January 3, 2021 Is this "system" wipeable? If not, FAIL². 3 Quote Link to comment Share on other sites More sharing options...
Angrymoleratsbaggle Posted January 3, 2021 Author Share Posted January 3, 2021 1 minute ago, CPUWIZ said: Is this "system" wipeable? If not, FAIL². You can install other OSes on it in place of the Atari OS. I had it dual booting Fedora and Windows 10 for a couple days. I put the AtariOS back on because someone asked if I could see if it'd boot after restoring the OS. 1 Quote Link to comment Share on other sites More sharing options...
orange808 Posted January 3, 2021 Share Posted January 3, 2021 (edited) Plain text PII/credentials on the VCS are not something people want to see from a company that is involved in cryptocurrency. ? Edited January 3, 2021 by orange808 3 Quote Link to comment Share on other sites More sharing options...
CPUWIZ Posted January 3, 2021 Share Posted January 3, 2021 13 minutes ago, orange808 said: Plain text PII/credentials on the VCS are not something people want to see from a company that is involved in cryptocurrency. ? Come on now, what could possibly go wrong? 4 Quote Link to comment Share on other sites More sharing options...
Cebus Capucinis Posted January 6, 2021 Share Posted January 6, 2021 LMFAO, better hope your Netflix box isn't wide open to the interwebs and that you aren't re-using passwords ? Does it store credit card data anywhere and can I get your IP? "Asking for a friend!" 2 Quote Link to comment Share on other sites More sharing options...
Angrymoleratsbaggle Posted January 6, 2021 Author Share Posted January 6, 2021 20 minutes ago, Cebus Capucinis said: LMFAO, better hope your Netflix box isn't wide open to the interwebs and that you aren't re-using passwords ? Does it store credit card data anywhere and can I get your IP? "Asking for a friend!" The Netflix "app" for it is just a bookmark for Chrome that launches the address directly in Chrome, so should be alright. I don't know about credit card info, the thing is so weakly implemented I don't trust it to enter one. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.