Potential security hole, Anon user allowed in by clicking a referral link [message #36363]
Mon, 19 March 2007 22:34
timdogg
Hello All,
In our particular forum, we have it locked down. Account Approval is enabled, and Anonymous Coward cannot see anything until their account is approved.
Well, today a person tried to join our forums. I declined the account, and he let me know that the web statistics program he was using included a link to a particular forum post. He clicked on that link and it logged him in as one of my users and allowed him to see the whole thread.
This sounds like a pretty severe security hole. Any thoughts on how to block it?
EDIT:
Actually, I think this may have to do with my Cookie and Session settings; another admin must have edited something for testing. I will let you know if this is an actual bug, or an 1D10T error soon. Thanks.
[Updated on: Mon, 19 March 2007 22:52]