
Unintentional log-in as foreign user
Closed, Resolved, Public

Description

Author: peter

Description:
Without logging in, after a reload, I found myself logged in as a foreign user
(unknown to me). I consider this a security hole.


Version: unspecified
Severity: critical
URL: http://de.wikipedia.org

Details

Reference
bz6969

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 9:20 PM
bzimport set Reference to bz6969.
bzimport added a subscriber: Unknown Object (MLST).

Please provide some more information on how this happened. Especially: Do others
have access to your computer? Were you using an HTTP proxy?

Also: did you just see a page with another user's name on it, or were you
actually able to edit using the identity of this user? When navigating the wiki
at random, do you stay logged in as "the other user"?

In case this happens again, please record the following, if you can: the IP
address you got for the wiki site, the HTML page itself, the HTTP response
headers and any cookies you have for the wiki's site.

I'm setting this to "critical" in case it is actually a MediaWiki bug. I
suspect however either a problem with PHP's session handling, a broken proxy, or
a compromised user PC.

[[hu:User:Vince]] reported the same on huwiki a couple of hours ago. The links
to the preferences and watchlist were missing from the personal toolbar,
everything else was there. He remained logged in as another user after following
a link. I'll try to get more details.

ayg wrote:

*** This bug has been marked as a duplicate of 6464 ***