Closed
Bug 150889
Opened 22 years ago
Closed 22 years ago
email change seems to go through when password is not specified
Categories
(Bugzilla :: User Accounts, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 150925
People
(Reporter: imajes, Assigned: myk)
Details
more info when this is secure.. :)
Assignee | ||
Updated•22 years ago
|
Group: webtools-security?
Comment 1•22 years ago
|
||
OK, imajes, it's secure. Spill the beans :-)
Gerv
So i went to change my email of note, and the change went through (as far as i
can tell), however I forgot to specify my password to confirm the change.
right now i can't change email as it says email change in progress, but as far
as i can ascertain (i am running filters, so the mail could have gotten lost in
bugmail) I haven't had email.
this could be a security risk given it would allow email change without
requiring passwd confirmation.
# gerv -- got lost for a couple of hours. hope you brought popcorn for the
suspense. :)
Summary: possible security issue during user account setup → email change seems to go through when password is not specified
Comment 3•22 years ago
|
||
-> 2.16 until we can work out whats going on.
Target Milestone: --- → Bugzilla 2.16
Comment 4•22 years ago
|
||
Where did you 'forget to specify the password'? I just tried locally, and I need
the password on the userprefs page before it will go through.
The mails don't need confirmation, but thats by design, I think.
Or did you mean something else?
Comment 5•22 years ago
|
||
imajes: could you answer bbaetz' questions?
Gerv
i forgot to specify the password on the change prefs page -- ie, the one where
you confirm all actions.
whilst i got a prompt telling me that i needed to specify a password (in nice
big black-on-red lettering), what worried me is that when I went to change the
email again (specifying password) I got a warning telling me that password
change is already in progress.
apologies for not providing a more complete explanation before... and it's
kinda lucky i hit this bug... i was scanning bugmail to delete, and happened to
land the cursor on gerv's pointer. :)
-- james
Comment 7•22 years ago
|
||
This WFM. Can you reproduce this on a local install, or landfill, or something?
Comment 8•22 years ago
|
||
It's been 6 days since the last activity on this bug...
James: you have until July 7 to provide steps to reproduce this that someone
else can duplicate or I resolve WFM and clear the security flag.
Comment 9•22 years ago
|
||
*** This bug has been marked as a duplicate of 150925 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Comment 10•22 years ago
|
||
The bug this is duped of is no longer secure, removing security flag on this one.
Group: webtools-security?
Comment 11•22 years ago
|
||
clearing target in DUPLICATE/WORKSFORME/INVALID/WONTFIX bugs so they'll show up
as untriaged if they get reopened.
Target Milestone: Bugzilla 2.16 → ---
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•