I'm not sure, but I think you're accepting the same code twice. So if an attacker is logging my keystrokes and is quick enough (i.e. within the same 30 second window), he can use the same OTP as I just used to log in to my account.
You should make sure an OTP can only be used One Time....

Good catch! This was indeed an issue with the way we implemented 2-factor auth. Although it would have been very difficult for an attacker to exploit this, it was definitely still worth fixing promptly. We have remedied this issue, so now OTPs are truly one-time use. I've also comped your account with another quarter-BTC bonus. Keep the bug reports coming!
Yup! We have a rewards program in the works which I'm really excited about. We've got a lot of long-time loyal players, and we want to make sure to reward you all for playing with us.
Any update on this?
I'm glad you're excited about the reward program! We're working hard on it, but we want to make sure we do it right. It can get quite complicated to make sure the right players get rewarded, while also not attracting bonus-abusers. The rough timeline as of now is that we'll be launching another game shortly, and then be launching the rewards program after that.