FUDforum: Bug Reports » Potential security hole, Anon user allowed in by clicking a referal link

Home » FUDforum Development » Bug Reports » Potential security hole, Anon user allowed in by clicking a referal link

Show: Today's Messages :: Polls :: Message Navigator

Potential security hole, Anon user allowed in by clicking a referal link [message #36363]

Mon, 19 March 2007 22:34

timdogg

Messages: 6
Registered: March 2007
Location: San Diego, CA

Karma:

Junior Member

Hello All,

In our particular forum, we have it locked down. Account Approval is enabled, and Anonymous Coward cannot see anything until their account is approved.

Well today, a person tried to join our forums, I declined the account and he let me know that the web statistics program he was using which included a link to a particular forum post. He clicked on that link and it logged him in as one of my users and allowed him to see the whole thread.

This sound like a pretty severe security hole, any thoughts on how to block it?

EDIT:

Actually I think this may have to do with my Cookie and Session settings, another admin must have edited something for testing. I will let you know if this is an actual bug, or an 1D10T error soon. Thanks.

[Updated on: Mon, 19 March 2007 22:52]

Report message to a moderator

[Message index]

		Potential security hole, Anon user allowed in by clicking a referal link By: timdogg on Mon, 19 March 2007 22:34
		Re: Potential security hole, Anon user allowed in by clicking a referal link By: Ilia on Mon, 19 March 2007 23:10

Previous Topic:	onload="MM_preloadImages('../images/about_on.gif', .. )" breaks template
Next Topic:	IP Browser

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Thu Nov 21 23:07:50 GMT 2024

Total time taken to generate the page: 0.03852 seconds