[Bug 28747] New: SUL allows circumvention of impersonation measures

bugzilla-daemon Fri, 29 Apr 2011 10:03:01 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=28747


             Bug #: 28747
           Summary: SUL allows circumvention of impersonation measures
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: User login
        AssignedTo: wikibugs-l@lists.wikimedia.org
        ReportedBy: a...@sowhy.de
    Classification: Unclassified


If you try to create an account that is similar to an existing one (such as me
trying to create "SöWhy"), the software will check for existing usernames (here
"SoWhy") and disallow creation of the account. On the other hand, if you create
the account "SöWhy" on another project that the "SoWhy"-account does not exist
yet, you can then auto-create the account on the wiki the "SoWhy" account
already exists, thus creating an impersonation account despite the measures set
in place to prevent this.

Example: 
- http://toolserver.org/~vvv/sulutil.php?user=SoWhy
- http://toolserver.org/~vvv/sulutil.php?user=S%C3%B6Why

Regards,
SoWhy

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 28747] New: SUL allows circumvention of impersonation measures

Reply via email to