Page MenuHomePhabricator

Still able to create accounts on projects with a SUL-account-name
Closed, ResolvedPublic


Author: willemo

I was a bit playing with SUL functionality and tried to register my account on projects which I never registered before. I could login instantly, but I tried to create an account the old-fashioned way. I did use different passwords etc.

If I quote

The greatest advantages are single sign-up (...) consistent identity (your username now always means you; no one else can take your name on another project).

As far I can see for now, this isn't the case. I am still able to create accounts (though I didn't try this with other usernames) I don't know whether this is done intentionally (I couldn't find any statement about this), some IP-check is performed, or this is really a bug.

Version: unspecified
Severity: major



Event Timeline

bzimport raised the priority of this task from to High.Nov 21 2014, 10:11 PM
bzimport set Reference to bz14248.
bzimport added a subscriber: Unknown Object (MLST).

spacebirdy wrote:

Today this bug was brought to my attention by Pill.

We did some tests on

Pills SUL was not complete (1 wiki was left open) but his SUL was activated
he was able to create an account with the name Pill (he used another password another (or no) mail)

We wanted to test with someone whoses SUL was completet too.

The SUL of Baisemain was complete (I checked before with CentralAuth),
she too was able to create a totally new account with the name Baisemain on!

This looks quite serious to me.

Many thanks for Your help,
Elisabeth Anderl [[:wikt:is:Notandi:Spacebirdy]]

Looks quite serious to me, too; therefor I changed Priority from normal to high and Severity from normal to major (feel free to revert this though, I am no expert).

thogol wrote:

Please make sure that this bug gets fixed *before* enabling SUL for all. Otherwise we will get tons of complains by community members facing new fake accounts. (And, seeing the recent cross-wiki activity, fake-accounting seems to be a major issue these days...)

BR, Th.

Regression due to r34124, fixed in r35340.