Slashdot Mirror


Audiophile Torrent Site What.CD Fully Pwnable Thanks To Wrecked RNG (theregister.co.uk)

Reader mask.of.sanity writes: Users of popular audiophile torrent site What.CD can make themselves administrators to completely compromise the private music site and bypass its notorious download ratio limits thanks to the use of the mt_rand function for password resets, a researcher has found. From the report (edited and condensed): What.CD is the world's most popular high quality music private torrent site that requires its users to pass an interview testing their knowledge of audio matters before they are granted an account. Users must maintain a high upload to download ratio to continue to download from the site. [...] "I reported it a year ago, and they acknowledged it but said 'don't worry about it,'" said a New Zealand-based independent security researcher who goes by the alias ss23.

2 of 138 comments

  1. Re:High download ratio? by Anonymous Coward · Score: 2, Informative

    While many private sites have unreasonable upload ratios, what.cd isn't one of them. They have a graduated scale based on how much you've downloaded, but even at the highest point it's only 0.6, which is pretty easy to maintain even without all the freeleech tokens they hand out at holidays and special events.

  2. Re:implying "audiophiles" have a clue by Anonymous Coward · Score: 2, Informative

    The audiophiles on the torrent site care about proper rips, not fucking audio cables. Take your worthless jabs elsewhere.

    "Proper rips" means that the audio doesn't contain 50-ms gaps of zeroed-out data because the CD had a scratch.

    captcha: channels