Challenge points

I'm not really sure what happened but some challenges I haven't done yet are showing up as completed. Has this happened to anyone else??

dillyboy1985 wrote: Has this happened to anyone else?? Not me.

Strange, I've never heard of this. You might want to consider changing your password, perhaps your sharing your account with someone? Or maybe you just drink a lot of alcohol and forget shit? That's always possible as well.

Just noticed this happen to me also.

All of the application challenges, 11 of the 12 encryption challenges and a few others now show as completed.

It seemed to happen while I was logged on doing the patching challenges.

i just noticed the same. I think in the past I might have done or at least tried one or two application challenges. But I doubt I even ever tried the encryption challenges. Most of them are now marked as passed.

As stealth- said, you might want to change your passwords.

First thing I did when I noticed was change my password, log out and log back in.

I always use a unique, generated password for everything though. Certainly not easily guessable.

Some sort of session takeover?

I'd like to get the challenges I haven't done myself reset.

Any idea who the best person to contact is?

The reason I ask is because I pm'd mr_cheese regarding another matter to do with a challenge error where I got a message telling me to contact him and have yet to receive a response.

The error was in tracking 2, which he knows about and is fixing, Just redo the challenges there's no real need to reset them.

Firstly, I'd prefer not to have to manually keep track of challenges I have completed.

More importantly, if there is a session takeover vulnerability it should be addressed.

my password is only like one week old. also, wouldn't it be strange that it would be exactly the same challenges and amount of challenges? But I will change it again to be sure.

<ynori7> yeah, the challenge completions are CSRFable, and somebody put it in their sig so a bunch of people got credit for stuff they didn't do

I was asking on IRC tonight about that b/c I noticed I had the same stuff happened on mine. Though before I asked, I went ahead and changed my pass.

well that's an interesting turn of events…