[wp-trac] [WordPress Trac] #44230: Export Personal Data Flaw
WordPress Trac
noreply at wordpress.org
Thu Jun 21 12:20:32 UTC 2018
#44230: Export Personal Data Flaw
--------------------------+------------------------------
Reporter: psycleuk | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 4.9.6
Severity: major | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by psycleuk):
Following up on this again, as there has been no response to concerns
about the data file being public and only obscured from general access.
After further review of the process, i believe there is another flaw. A
user does not need to log into the site the confirm the request, all they
need to do it click the link in the email. The process flow assumes that
the person clicking the link in the email will always be the person who
triggered the request, but if the users email account is compromised it
may not be the case.
The current process flow would allow as user to request data from a
WordPress site without ever logging into the site to confirm who they are,
all they would need access to is the email with the confirmation link.
Given that the data being requested is about a user of the site and will
therefore have an account on the site, surely the safest process to ensure
data security is to have the user log into their account at each step to
confirm they are the correct user.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44230#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list