Users auto-logged as someone else?
Collapse
X
-
are they with same ISP behind a proxy ?:: Always Back Up Forum Database + Attachments BEFORE upgrading !
:: Nginx SPDY SSL - World Flags Demo [video results]
:: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ] -
-
Originally posted by eva2000
are they with same ISP behind a proxy ?
This shouldn't be a problem though, right?Comment
-
Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
I hope vB is working on a fix for this, as I haven't been contacted.
I have demoted a mod, who's account is compromised by this until we figure it out. Not sure if this is good enough though, since even my admin account might get into the same problem....Comment
-
I can't duplicate this problem on my forums therefore it's too early to classify it as a bug. You'll just need to be patient and wait for someone to respond to your support ticket.
Are your users able to post as someone else? If not, then this is most likely a proxy issue that can be resolved by making sure they set 'Automatcally login' and 'Browse the board with cookies' to 'yes'. You also need to make sure that cookies aren't blocked either because of browser settings or third party software.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
Originally posted by smachol
I can't duplicate this problem on my forums
There's 5 different vB forums already reporting this problem in two different threads.
Note that we only knew about it when our members told us. This clearly means there are many vB's running cluless to this problem, if they weren't notified, or didn't take the users enquiries seriously.
Can they post as someone else? Not to my knowledge. But they can access other member's profiles, edit/options. At that point they decided not to submit changes, and I'm glad they didn't. They can also see invisible forums, and If I could fly to the U.K. to check the user's PC and test what else they can do, I'd do it.
I'm quite patient, while taking security holes seriously at the same time, and would like them addressed ASAP. In the mean time, acknowledging the problem is a good step.Comment
-
I have plenty or users who access my forums from behind company proxies and have never had this problem. Of course I have done as I suggested in my previous message in regards to setting the options to use cookies. Have you checked into this yet?
The proxy issue is not a new one. It's been around for a long time. As for people being able to access other members accounts to change the options, I've honestly have never heard of this happening. I am not taking this lightly, but the truth is that I know of no logical reason for this to ever happen on the default vB.
Be sure to update your support ticket with any evidence you have in support of people being able to access and change other people's accounts. If this can be shown, then of course it raises the stakes a bit.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment