FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Potential security hole, Anon user allowed in by clicking a referral link [message #36363] Mon, 19 March 2007 18:34
timdogg, United States
Messages: 6
Registered: March 2007
Location: San Diego, CA
Karma: 0
Junior Member
Hello All,

In our particular forum, we have it locked down. Account Approval is enabled, and Anonymous Coward cannot see anything until their account is approved.

Well, today a person tried to join our forums. I declined the account, and he let me know that the web statistics program he was using included a link to a particular forum post. He clicked on that link and it logged him in as one of my users and allowed him to see the whole thread.

This sounds like a pretty severe security hole. Any thoughts on how to block it?

EDIT:

Actually, I think this may have to do with my Cookie and Session settings; another admin must have edited something for testing. I will let you know if this is an actual bug, or an 1D10T error soon. Thanks.

[Updated on: Mon, 19 March 2007 18:52]


Re: Potential security hole, Anon user allowed in by clicking a referral link [message #36366 is a reply to message #36363] Mon, 19 March 2007 19:10
Ilia, Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
The only way this could happen is if you have URL session enabled and the provided link had an active session embedded into it. Furthermore, session validation checks may have been turned off.

FUDforum Core Developer
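
An added example (not part of the thread and not FUDforum code) for spotting the condition described in the reply above from web server logs: a session ID carried in the URL that ends up being used by more than one client. The query parameter name `S`, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: the session ID travels in a query parameter named "S".
SESSION_PARAM = "S"

# Combined log format: ip - user [time] "METHOD url PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?:\S+) (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def session_id(url):
    """Return the session ID carried in the URL's query string, or None."""
    values = parse_qs(urlsplit(url).query).get(SESSION_PARAM)
    return values[0] if values else None

def shared_sessions(lines):
    """Return URL-borne session IDs that were used by more than one client."""
    clients = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        sid = session_id(m["url"])
        if sid:
            # A client is approximated by its (IP, User-Agent) pair.
            clients[sid].add((m["ip"], m["agent"]))
    return {sid: sorted(c) for sid, c in clients.items() if len(c) > 1}

# Constructed sample log lines (documentation IP ranges, made-up session IDs).
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Mar/2007:18:01:02 -0700] "GET /index.php?t=msg&th=42&S=aaaa1111 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (member)"',
    '203.0.113.9 - - [19/Mar/2007:18:20:45 -0700] "GET /index.php?t=msg&th=42&S=aaaa1111 HTTP/1.1" 200 5120 "http://stats.example/referrers" "Mozilla/4.0 (visitor)"',
    '198.51.100.8 - - [19/Mar/2007:18:21:00 -0700] "GET /index.php?t=msg&th=7&S=bbbb2222 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (other)"',
    '198.51.100.9 - - [19/Mar/2007:18:22:00 -0700] "GET /index.php?t=index HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (cookie)"',
]

if __name__ == "__main__":
    for sid, users in shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used by {len(users)} distinct clients:")
        for ip, agent in users:
            print(f"  {ip}  {agent}")
```

A hit means a URL with a live session left the original browser; the settings to review are the ones named in the reply, URL sessions and session validation checks.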