can enumerate user accounts via delete / close account

RESOLVED INVALID

Status

Cloud Services
Web Site
--
major
RESOLVED INVALID
8 years ago
7 years ago

People

(Reporter: clyon, Assigned: mconnor)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

8 years ago
when going to:
https://services.mozilla.com/delete-account/

if I enter a valid user I get this response:

"Incorrect user name and/or password"

if I enter an invalid username, I get this response:

"An unexpected error occured. Please try again later."
(Assignee)

Comment 1

8 years ago
Right now we go off http response, and I suspect we just need to handle 400 the same as 401.
Assignee: telliott → mconnor
Component: Server: Sync → Web Site
QA Contact: sync-server → website
(Assignee)

Comment 2

8 years ago
Created attachment 479682 [details] [diff] [review]
treat everything except 503 as incorrect username/password
Attachment #479682 - Flags: review?(telliott)
Attachment #479682 - Flags: review?(telliott) → review+
(Assignee)

Comment 3

7 years ago
Don't think this was landed, but this part of the site has been replaced by Account Portal.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.