Last modified: 2006-08-10 19:46:53 UTC

This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T8969, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 6969 - Unintentional log-in as foreign user
Status: RESOLVED DUPLICATE of bug 6464
Product: MediaWiki
Classification: Unclassified
Component: User login and signup
Version: unspecified
Hardware: All All
Importance: Normal critical
Assigned To: Nobody
URL: http://de.wikipedia.org
Reported: 2006-08-10 11:21 UTC by Peter Gerwinski
Modified: 2006-08-10 19:46 UTC (History)

Description Peter Gerwinski 2006-08-10 11:21:38 UTC
Without logging in, after a reload, I found myself logged in as a foreign user
(unknown to me). I consider this a security hole.
Comment 1 Daniel Kinzler 2006-08-10 11:42:43 UTC
Please provide some more information on how this happened. Especially: Do others
have access to your computer? Were you using an HTTP proxy?

Also: did you just see a page with another user's name on it, or were you
actually able to edit using the identity of this user? When navigating the wiki
at random, do you stay logged in as "the other user"?

In case this happens again, please record the following, if you can: the IP
address you got for the wiki site, the HTML page itself, the HTTP response
headers and any cookies you have for the wiki's site. 

I'm setting this to "critical" in case it is actually a MediaWiki bug. I
suspect however either a problem with PHP's session handling, a broken proxy, or
a compromised user PC.
Comment 2 Tisza Gergő 2006-08-10 16:29:53 UTC
[[hu:User:Vince]] reported the same on huwiki a couple of hours ago. The links
to the preferences and watchlist were missing from the personal toolbar,
everything else was there. He remained logged in as another user after following
a link. I'll try to get more details.
Comment 3 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-08-10 19:46:53 UTC

*** This bug has been marked as a duplicate of 6464 ***
