Security Issue with Confirmation Link?

Postby cray » Mon Mar 07, 2005 4:03 pm

I recently changed my REAL address, then logged off of spamgourmet. When I later checked my email, I had the confirmation request. I clicked the link and was taken back to spamgourmet, where it showed that the new address was now being used.

The flaw I see is that it had me logged in under my account. Had I mistyped the REAL address, the person that got that email could have clicked the link and been taken into my spamgourmet account.

I realize they wouldn't be able to change my password but they could do just about anything else.

Did I do something wrong, or is this the correct operation for this feature?
cray
 

Postby josh » Sat Mar 12, 2005 5:35 pm

That is the correct operation of the feature -- I hadn't considered the possibility of someone entering the wrong email address *and* the owner of that email address being hostile. Does that seem likely? If so, isn't there a problem with a lot of web security systems?
josh
 

Postby Guest » Mon May 09, 2005 10:43 am

This is a minor security risk. Once you discover that you have used the wrong protected address, just log in with your password and correct your error. You would have to be very inattentive to ignore your missing confirmation email, and the bad recipient would have hardly any time to log in before you locked him back out.

Even if he had the wildest good luck to log in while you were correcting your error, once he made any mistake that logged him out, he would be unable to log in again, and your troubles would be over.

Of course, the safest thing would be to add functions to the spamgourmet server to:

[3] Require the entry of the password when responding to the confirmation email.

[2] Allow a password-authenticated session to override and terminate any simultaneous email confirmation session;

[3] Prevent multiple simultaneous sessions, especially from different I.P. addresses [with special settings to allow users of anonymizing services that rotate I.P. addresses to specify that pool of addresses];

[4] Provide "realtime" notification of security breaches to the user [updated with his next browser click or form submittal].
Guest
 

Postby Guest » Mon May 09, 2005 10:46 am

Please correct the first [3] to [1] in the previous posting.
Guest
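
The first suggestion in the list above (require the password when responding to the confirmation email), sketched as an added example that is not spamgourmet's code: the link carries a token that can only confirm one address for one account, and clicking it never creates a session. The function names, token format, secret and expiry are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: per-deployment server secret
TTL = 24 * 3600                    # assumption: links expire after one day


def _sign(account, new_addr, expires):
    msg = "\0".join([account, new_addr, str(expires)]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_token(account, new_addr, now=None):
    """The token authorises one thing only: confirming new_addr for account."""
    expires = int(time.time() if now is None else now) + TTL
    return f"{expires}.{_sign(account, new_addr, expires)}"


def token_valid(token, account, new_addr, now=None):
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False               # malformed link
    good = _sign(account, new_addr, expires)
    now = time.time() if now is None else now
    return hmac.compare_digest(sig.encode(), good.encode()) and now <= expires


def handle_confirm(token, account, new_addr, session_account, pending, now=None):
    """session_account: account of the password-authenticated session, or None.

    Returns (status, session_account). The session is passed through
    unchanged: the link never creates or upgrades one.
    """
    if not token_valid(token, account, new_addr, now):
        return "rejected", session_account
    if session_account != account:
        # The link holder has not shown knowledge of the password.
        return "password_required", session_account
    if pending.get(account) != new_addr:
        return "rejected", session_account   # change withdrawn or already used
    del pending[account]
    return "confirmed", session_account
```

With this split, a mistyped address delivers a link that leads only to a password prompt, and the pending change stays unconfirmed until the account owner logs in.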
 

