https://bugzilla.wikimedia.org/show_bug.cgi?id=28747
Bug #: 28747
Summary: SUL allows circumvention of impersonation measures
Product: MediaWiki
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: User login
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
If you try to create an account that is similar to an existing one (such as me
trying to create "SöWhy"), the software will check for existing usernames (here
"SoWhy") and disallow creation of the account. On the other hand, if you create
the account "SöWhy" on another project that the "SoWhy"-account does not exist
yet, you can then auto-create the account on the wiki the "SoWhy" account
already exists, thus creating an impersonation account despite the measures set
in place to prevent this.
Example:
- http://toolserver.org/~vvv/sulutil.php?user=SoWhy
- http://toolserver.org/~vvv/sulutil.php?user=S%C3%B6Why
Regards,
SoWhy
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
