FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Potential security hole, Anon user allowed in by clicking a referal link
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Potential security hole, Anon user allowed in by clicking a referal link [message #36363] Mon, 19 March 2007 22:34 Go to previous message
timdogg is currently offline  timdogg   United States
Messages: 6
Registered: March 2007
Location: San Diego, CA
Karma:
Junior Member
Hello All,

In our particular forum, we have it locked down. Account Approval is enabled, and Anonymous Coward cannot see anything until their account is approved.

Well today, a person tried to join our forums, I declined the account and he let me know that the web statistics program he was using which included a link to a particular forum post. He clicked on that link and it logged him in as one of my users and allowed him to see the whole thread.

This sound like a pretty severe security hole, any thoughts on how to block it?

EDIT:

Actually I think this may have to do with my Cookie and Session settings, another admin must have edited something for testing. I will let you know if this is an actual bug, or an 1D10T error soon. Thanks.

[Updated on: Mon, 19 March 2007 22:52]

Report message to a moderator

[Message index]
 
Read Message
Read Message
Previous Topic: onload="MM_preloadImages('../images/about_on.gif', .. )" breaks template
Next Topic: IP Browser
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 01:04:26 GMT 2024

Total time taken to generate the page: 0.04291 seconds