URL: <http://savannah.gnu.org/support/?107281>
Summary: Verification of account email changes is ineffective (try 2)
Project: Savannah Administration
Submitted by: hashproduct
Submitted on: Wed 24 Feb 2010 02:37:52 PM EST
Category: Savannah website
Priority: 5 - Normal
Severity: 6 - Security
Status: None
Assigned to: None
Originator Email:
Operating System: None
Open/Closed: Open
Discussion Lock: Any

_______________________________________________________

Details:

My sr #107268 was wrongly closed and I am unable to reopen it, so I am submitting another ticket with a (hopefully) clearer explanation of the problem.

AIUI, the goal of the email confirmation mechanism in Savannah is to prevent a user from setting an account email address that she does not own. It works by sending a secret confirmation link to the new address; the user is required to click the link to complete the change. Savannah also sends a link to the old address offering to cancel the change.

However, the mechanism as currently implemented does not achieve the goal because the confirmation link can be easily derived from the cancellation link by changing one query parameter at the end. Hence, a user can change his/her account email address to an address she does not own, just using the cancellation link received at her old address.

_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/support/?107281>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
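The design property the ticket asks for is that the confirmation link and the cancellation link carry independent, unguessable secrets, so that holding one gives no way to construct the other. The following is an added illustration of that design and is not Savannah's code; it assumes an in-memory store (`EmailChangeService`, `PendingChange` and the token layout are all constructed for this example). Each pending change gets two separately generated random tokens, only their hashes are stored, each token is accepted only by its own endpoint, and a change is consumed on the first confirm or cancel.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class PendingChange:
    """One requested email change; only token hashes are kept server-side."""
    user_id: int
    old_email: str
    new_email: str
    confirm_hash: str   # sha256 of the token mailed to the NEW address
    cancel_hash: str    # sha256 of the token mailed to the OLD address
    consumed: bool = False


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class EmailChangeService:
    """Hypothetical in-memory service modelling a confirm/cancel email change."""

    def __init__(self) -> None:
        self.pending: dict[int, PendingChange] = {}
        self.emails: dict[int, str] = {}
        self.outbox: list[tuple[str, str]] = []   # constructed (recipient, link) log

    def request_change(self, user_id: int, old_email: str, new_email: str):
        # Two independent 256-bit secrets: neither is derivable from the other,
        # so editing a query parameter on one link cannot yield the other.
        confirm_token = secrets.token_urlsafe(32)
        cancel_token = secrets.token_urlsafe(32)
        change_id = len(self.pending) + 1
        self.emails.setdefault(user_id, old_email)
        self.pending[change_id] = PendingChange(
            user_id, old_email, new_email,
            _digest(confirm_token), _digest(cancel_token),
        )
        # Each token goes only to the party who is supposed to hold it.
        self.outbox.append((new_email, f"/confirm?id={change_id}&t={confirm_token}"))
        self.outbox.append((old_email, f"/cancel?id={change_id}&t={cancel_token}"))
        return change_id, confirm_token, cancel_token

    def _take(self, change_id: int, token: str, expected_hash_attr: str):
        """Validate a token against one specific role and consume the change."""
        p = self.pending.get(change_id)
        if p is None or p.consumed:
            return None
        expected = getattr(p, expected_hash_attr)
        # Constant-time comparison of hashes; a cancel token never matches
        # confirm_hash because the two secrets were generated independently.
        if not hmac.compare_digest(_digest(token), expected):
            return None
        p.consumed = True
        return p

    def confirm(self, change_id: int, token: str) -> bool:
        """Endpoint behind the link mailed to the new address."""
        p = self._take(change_id, token, "confirm_hash")
        if p is None:
            return False
        self.emails[p.user_id] = p.new_email
        return True

    def cancel(self, change_id: int, token: str) -> bool:
        """Endpoint behind the link mailed to the old address."""
        return self._take(change_id, token, "cancel_hash") is not None

    def current_email(self, user_id: int) -> str:
        return self.emails[user_id]


if __name__ == "__main__":
    svc = EmailChangeService()
    cid, confirm_tok, cancel_tok = svc.request_change(1, "old@example.org", "new@example.org")
    print("cancel token accepted by /confirm:", svc.confirm(cid, cancel_tok))   # False
    print("confirm token accepted by /confirm:", svc.confirm(cid, confirm_tok))  # True
    print("address now:", svc.current_email(1))
```

Two design choices matter here: the store keeps hashes rather than the tokens themselves, so a database read does not leak usable links, and the change is marked consumed on the first valid confirm or cancel, so a stale cancel link cannot undo a change that already went through.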