PSA ElvUI Users - "ElvUI has a backdoor and how to remove it"

[Elvine]

http://www.reddit.com/r/wow/comments..._to_remove_it/


I don't think the issue at hand is if Elv did something malicious via this code. Admins / Mods already admit he has mess with people he knew or guildmates in the past. That right there is enough to cause concern in a public release downloaded by thousands of players.



Personally, I wouldn't want a dev to have the ability to decide if they wanted to mess with me or not when I use their addon. That said I don't use ElvUI and this is just my personal opinion.

Don't shoot the messenger! :x

[Gumboy]

That is incredibly shady..wth?

Glad I make my own UI I guess :P

[Slowpoke is a Gamer]

That is incredibly shady..wth?

Glad I make my own UI I guess :P

That is VERY shady.

There's no legit reason to put that backdoor in. Essentially you created an army of potential spambots.

[Darsithis]

This is really, really unfortunate news. I, along with half my raid, use ElvUI

[Anonymous1038853]

That is incredibly slimy.

[intrinsc]

According to Elv, the updated 7.08 version removes this code.

[QwertySham]

Thank you for this PSA. So shady....

[Deleted]

This is hilarious. I would LOVE to see this happen to people during a farm raid considering how stale SoO is.

Reddit comments made me laugh aswell 'inform the police' lmao, someone made me auto follow a person in LFR. You're going to jail now son.

[Gurushock]

Crap.... Am I about to go back to default UI?

[Darth Belichick]

According to Elv, the updated 7.08 version removes this code.

Why was it there in the first place though? Glad I never used it and made my own. Very shady.

[Friberg]

7.08 no longer contains this code anymore. I'll use a standalone addon for testing with guildies. Let me put peoples mind at ease. If you update to 7.08 it won't be possible for this to happen.

[Morllinor]

http://www.tukui.org/forums/topic.php?id=31897

You can find elvui dev explanation here .

[Anonymous1038853]

According to Elv, the updated 7.08 version removes this code.

Still doesn't explain why it was implemented in a release version to begin with.

Edit: Just read the explanation that Morllinor linked. I still think it's really slimy, to be quite frank.

[Slowpoke is a Gamer]

According to Elv, the updated 7.08 version removes this code.

I'd still question why the code existed to begin with.

Don't use Elv, but if I did I would uninstall it right now and never use it again.

[Elvine]

According to Elv, the updated 7.08 version removes this code.

Regardless of being removed or not, it should of never been in there in the first place in a public release.

[Elv]

I am the author of ElvUI. I use this as a development tool with guildies it lets me execute things such as changing ElvUI options, getting information for debugging, etc... It clearly outputs to chat what is executed. The code has been there for close to two years. In any case I will simply use a standalone addon from this point forward with them to do this.

Version 7.08 has had the code removed.

http://www.tukui.org/git/?a=commitdi...8f11ad122dc11a
http://www.tukui.org/changelog.php?ui=elvui

[intrinsc]

I think a lot of you are overreacting. If he/she wanted to take people's accounts he/she would have been far, far harder to find and would have done their deed much more quickly. On top of that, it doesn't make sense for he/she to want to "troll" people with it after years and years of work.

[Deng]

I am the author of ElvUI. I use this as a development tool with guildies it lets me execute things such as changing ElvUI options, getting information for debugging, etc... It clearly outputs to chat what is executed. The code has been there for close to two years. In any case I will simply use a standalone addon from this point forward with them to do this.

Version 7.08 has had the code removed.

Fair enough.
Thanks for the years of development and a quick explanation and fix.

[Shadowed]

I am the author of ElvUI. I use this as a development tool with guildies it lets me execute things such as changing ElvUI options, getting information for debugging, etc... It clearly outputs to chat what is executed. The code has been there for close to two years. In any case I will simply use a standalone addon from this point forward with them to do this.

Version 7.08 has had the code removed.

http://www.tukui.org/git/?a=commitdi...8f11ad122dc11a
http://www.tukui.org/changelog.php?ui=elvui

Uhhhh, no.

If you're using it as a development tool, why do you include a method for outputting random messages into chat? Given you're executing arbitrary code, you can pretty quickly write a shiv that hides the message after the first one, it's not very hard.

Even ignoring all of that, if it's only intended for guildies why is it distributed to everyone who uses the addon, enabled by default and not flagged to only people in your guild? What you did is pretty bad, and manages to fall under gross incompetence at best.

[Elvine]

I am the author of ElvUI. I use this as a development tool with guildies it lets me execute things such as changing ElvUI options, getting information for debugging, etc... It clearly outputs to chat what is executed. The code has been there for close to two years. In any case I will simply use a standalone addon from this point forward with them to do this.

Version 7.08 has had the code removed.

http://www.tukui.org/git/?a=commitdi...8f11ad122dc11a
http://www.tukui.org/changelog.php?ui=elvui

So this back door has been in ElvUI for the past 2 years is what you're saying?

lets me execute things such as changing ElvUI options

That's scary to know you could change the options of any ElvUI users if you wanted to.