Anybody can use anybody's SID with no consequences
Bug #244668 reported by
Pietry
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| eHub |
Fix Committed
|
Undecided
|
Unassigned | ||
Bug Description
I can use user commands to send a message like BMSG somesid message, where somesid can be some operator's SID. In this case, I can talk in anybody's name, but even more, I can even take all the hub commands. This is an extreme security vulnerability.
Revision history for this message
| CyB (viktor.balazs) wrote | #1 |
| Changed in ehub: | |
| status: | New → Fix Committed |
To post a comment you must log in.
Duplicated: https:/