Closed Bug 590222 Opened 14 years ago Closed 13 years ago

can enumerate user accounts via delete / close account

Categories

(Cloud Services :: Web Site - Deprecated, defect)

Product:
Cloud Services
Component:
Web Site - Deprecated
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: clyon, Assigned: mconnor)

Details

Attachments

(1 file)

treat everything except 503 as incorrect username/password
751 bytes, patch
telliott
: review+
Details | Diff | Splinter Review 
when going to:
https://services.mozilla.com/delete-account/

if I enter a valid user I get this response:

"Incorrect user name and/or password"

if I enter an invalid username, I get this response:

"An unexpected error occured. Please try again later."
Right now we go off http response, and I suspect we just need to handle 400 the same as 401.
Assignee: telliott → mconnor
Component: Server: Sync → Web Site
QA Contact: sync-server → website
Attachment #479682 - Flags: review?(telliott) → review+
Don't think this was landed, but this part of the site has been replaced by Account Portal.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: