FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Potential security hole, Anon user allowed in by clicking a referal link
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Potential security hole, Anon user allowed in by clicking a referal link [message #36363] Mon, 19 March 2007 22:34 Go to next message
timdogg is currently offline  timdogg   United States
Messages: 6
Registered: March 2007
Location: San Diego, CA
Karma: 0
Junior Member
Hello All,

In our particular forum, we have it locked down. Account Approval is enabled, and Anonymous Coward cannot see anything until their account is approved.

Well today, a person tried to join our forums, I declined the account and he let me know that the web statistics program he was using which included a link to a particular forum post. He clicked on that link and it logged him in as one of my users and allowed him to see the whole thread.

This sound like a pretty severe security hole, any thoughts on how to block it?

EDIT:

Actually I think this may have to do with my Cookie and Session settings, another admin must have edited something for testing. I will let you know if this is an actual bug, or an 1D10T error soon. Thanks.

[Updated on: Mon, 19 March 2007 22:52]

Report message to a moderator

Re: Potential security hole, Anon user allowed in by clicking a referal link [message #36366 is a reply to message #36363] Mon, 19 March 2007 23:10 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
The only way this could happen is if you have URL session enabled and the provided link had an active session embedded into it. Furthermore session validation checks may have been turned off.

FUDforum Core Developer
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: onload="MM_preloadImages('../images/about_on.gif', .. )" breaks template
Next Topic: IP Browser
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 22:02:29 GMT 2024

Total time taken to generate the page: 0.02619 seconds