Kudos to WI for getting this information out there. People need to know how to prevent this.

On another note, this is a colossal failure on Blizzard's part. Even a half-trained monkey knows how to do basic permission handling better then this.

Reply

I wouldn't say they failed, but that is quite the bug, considering one's permissions should be reset upon quitting and joining a new guild. I would have thought that unless the guild was giving low levels bank access, being a new recruit you would not have bank access.

Perhaps what they should do is disallow the lowest rank of guilds to access the bank by default, and the GM would have to elevate a new person up to the next level or whatever level for bank access.

Reply

Wow.


Just scored 2,000g with this. Thanks.

Reply

@3 Your mother would be proud.

Reply

Yeah obviously an addon giving the functionality 'move all from guild bank slots' would be easy to write. The inability to see this was poor.

At least banks didn't come out in 2.0 whatever.

Reply

Blizzard better off refunds to all the guilds who got screwed by this. Shame on Blizzard for letting this bug getting past the PTR.

Reply

Erk- this could show a lot of people how they could make some quick cash.

Maybe you could just say "Make sure you reset everyone's bank rules when they join." It would keeo the idiots away from the banks, at least : /

Reply

Well noname, perhaps you should have reported it?? They would have fixed it if they knew about it.

Reply

im gonna exploit this!

Reply

Well it clearly is a bug, and exploiting bugs leads to bans. One can only hope that the the bans regarding this issue will be permanent ones.

Reply

Blizz can track everything, they COULD ban the entire account for such exploit if they really wanted to. Just a handful of bans until people stop thinking about that.

But we all know they're gonna blame us.

Reply

Why is it taking so long to patch this bug? It sounds like a one line fix that could be rapidly implemented tested and rolled out in the earliest maintenance cycle.

This is a god send for gold scammers to heist resources and affect lots of players.

Reply

anyone who allows new guild recruits unfettered access to the guild bank deserves to get taken for all their worth.

as a side not to those effected, can I get keys to your house and a schedule of when you will be out of town please?

Reply

hi i am the bank alt of X

can you invite me to guild so i can make some deposits?

Reply

Is this entry somewhat ill advised ? - as it explains clearly how to get away with robbing a bank!!!

Reply

Learn to read idiots, it's not the access they are given by the new guild but the previous guild. Hence why it's a bug, if this post was about people allowing new recruits full access then there would be no problem on blizzard's behalf.

Reply

Thanks for this info, will help us protect our guild bank. Looks like from the description, the guild bank privileges are stored per-character on the server, and NOT per rank then looked up using the toon's rank when bank access is needed. This is very poor security design for sure... fer shame blizz!

Reply

I sometimes wonder who runs their Q/A shop. Very simple bugs get into the wild, this would qualify as a negative unit test case for user/application permissioning...seriously its Q/A 101. Blizz catches alot of flack for things that isn't their responsibility/could not be forseen, but this is a dead simple bug that shouldn't have even made it to the PTR in the first place, let alone production!

Reply

There is also a different bug with the logging of transactions. Last night I moved some stuff around in our bank on one character, then logged in with a different character to donate some gold. When I checked the log, all of my previous transactions from the other character were attributed to a completely different person in the guild. That kind of makes the logging system pointless if I'm trying to track down potential abuse.

Also... is it me, or is the log way too short? I see transactions covering about a page's worth, and I *know* there have been more transactions than that. Last gripe... the log should go back at least a couple of weeks.

Reply

"manually reset the new recruit's guild bank permissions immediately upon invite."

Does this mean just giving them a different rank?? Since it's not possible to reset an individual's permissions otherwise. If this is all that needs to be done, then my guild should have no problems since our "New Recruit" rank is not actually our lowest rank - all new members get promoted 2 ranks when they join, and that rank doesn't have bank access.

Reply