https://bugzilla.wikimedia.org/show_bug.cgi?id=46457
Web browser: ---
Bug ID: 46457
Summary: Autoblocked address can be sniffed on
Special:Contributions
Product: MediaWiki
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: Special pages
Assignee: [email protected]
Reporter: [email protected]
Classification: Unclassified
Mobile Platform: ---
If 127.0.0.1 is autoblocked, [[Special:Contributions/127.0.0.1]] shows a link
"change block" instead of "block", though there's no block log shown. However
imagine there's only one autoblock listed in Special:BlockList, or a user is
newly blocked with autoblock enabled, a malicious sysop may check contribution
pages of all IP addresses for this link text change from "block" to "change
block", and associate this IP with the user triggering this autoblock.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
