[wp-trac] [WordPress Trac] #6855: User Nickname duplication is possible (they are not unique)

WordPress Trac wp-trac at lists.automattic.com
Sun Apr 27 07:56:05 GMT 2008


#6855: User Nickname duplication is possible (they are not unique)
-----------------------+----------------------------------------------------
 Reporter:  ffosterdd  |       Owner:  anonymous                    
     Type:  defect     |      Status:  new                          
 Priority:  high       |   Milestone:  2.7                          
Component:  Security   |     Version:  2.5.1                        
 Severity:  normal     |    Keywords:  nickname, unique, duplication
-----------------------+----------------------------------------------------
 I have a forum where any user can register.  I have noticed in my testing
 that if my admin has the nickname: "Stupidhead" (or any other nickname)
 that other users (at least as low as author) can make their nickname also
 be "Stupidhead", and have it be displayed as such.

 This allows users to masquerade as other users.  I think this might be a
 security issue, depending on how you define security.

 I don't think this should be allowed... there should be a check before a
 nickname is set (or at least before a user can set his nickname to one
 already in use).

 Thanks!

-- 
Ticket URL: <http://trac.wordpress.org/ticket/6855>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
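
The check the reporter asks for, as an added example that is not part of the original ticket and is not WordPress code: a nickname is refused when another user already holds it. It goes one step beyond the ticket by comparing on a folded key, so case, spacing and Unicode compatibility variants of "Stupidhead" also collide. The names canonical_nickname and NicknameRegistry are hypothetical, and the in-memory dictionaries stand in for the user table.

```python
import re
import unicodedata


def canonical_nickname(nickname: str) -> str:
    """Fold a nickname to the key used for uniqueness comparisons."""
    # NFKC maps compatibility forms (e.g. fullwidth letters) to plain ones,
    # casefold removes case differences. Cross-script look-alikes (such as
    # Cyrillic letters resembling Latin ones) are NOT handled here.
    folded = unicodedata.normalize("NFKC", nickname).casefold()
    # Collapse whitespace runs so " Stupid  head " and "stupid head" collide.
    return re.sub(r"\s+", " ", folded).strip()


class NicknameRegistry:
    """In-memory stand-in for the user table (hypothetical, for illustration)."""

    def __init__(self):
        self._owner_by_key = {}  # canonical nickname -> user id
        self._key_by_owner = {}  # user id -> canonical nickname

    def set_nickname(self, user_id: int, nickname: str) -> bool:
        """Return True if the nickname was set, False if it was refused."""
        key = canonical_nickname(nickname)
        if not key:
            return False  # empty or whitespace-only nickname
        owner = self._owner_by_key.get(key)
        if owner is not None and owner != user_id:
            return False  # already in use by a different user
        # Release the user's previous nickname before storing the new one.
        old_key = self._key_by_owner.get(user_id)
        if old_key is not None and old_key != key:
            del self._owner_by_key[old_key]
        self._owner_by_key[key] = user_id
        self._key_by_owner[user_id] = key
        return True


if __name__ == "__main__":
    registry = NicknameRegistry()
    # Constructed sample data: user 1 is the admin from the report.
    print(registry.set_nickname(1, "Stupidhead"))     # admin takes the name
    print(registry.set_nickname(2, "Stupidhead"))     # exact duplicate
    print(registry.set_nickname(2, " stupidHEAD "))   # case/space variant
```

In a real application the lookup and the write must be atomic, for example through a unique index on the stored canonical key, otherwise two concurrent profile updates can both pass the check.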

