Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

Ticket #192 (Logout in the Issue Tracker doesn't work properly) created

Simon Repp just discovered this odd behaviour on the Hauptraum Surfstation:

Open the Issue tracker.
Click Login.
You are now logged in as XXXXXXX. (without being asked for or providing any credentials!!)

This should not happen.

Firefox in private mode. No cookies are stored, all cookies deleted, firefox quit and reopened. Behaviour is still the same.

Security implication: Allows impersonification, maybe even unfriendly takeover of an account.

Tags: newticket

Don't be the product, buy the product!