AntiSpoof should check against CentralAuth database
Closed, Resolved (Public)

Description

Currently, there is a MAJOR leak in the anti spoof system. In order to create an account name similar to that of an existing user (even if the user already has an SUL, which they probably mostly do), all you need to do is find a Wiki project where the user doesn't have an account yet (probably easy to guess, or else it can be checked), create a similar account name (this is an SUL), and then log in where the active user is active - and you have spoofed him successfully.


Version: unspecified
Severity: enhancement
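
The gap described in the report, as an added example (not code from AntiSpoof, CentralAuth or the reporter): a similarity check that only sees one wiki's local accounts accepts a lookalike name on a wiki the target has never visited, while the same check run against a central account list rejects it. The wiki names, account lists, function names and the small confusables table are constructed for illustration.

```python
import unicodedata

# Constructed stand-in for a confusables table: maps lookalike characters to one form.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "i": "l", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
})

# Constructed data: accounts that exist locally on each wiki.
LOCAL_ACCOUNTS = {
    "enwiki": ["ExampleAdmin", "Alice"],
    "xhwiki": ["Alice"],  # ExampleAdmin has never visited this wiki
}
# Constructed data: every global (SUL) account name, as a central database would hold it.
GLOBAL_ACCOUNTS = ["ExampleAdmin", "Alice"]


def normalize(name):
    """Fold a username to a canonical form so lookalikes compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return folded.translate(CONFUSABLES).replace(" ", "").replace("_", "")


def conflicts(candidate, existing_names):
    """Return existing names whose normalized form equals the candidate's."""
    key = normalize(candidate)
    return [n for n in existing_names if normalize(n) == key]


def can_create(wiki, candidate, check_global):
    """Decide whether `candidate` may be registered on `wiki`.

    check_global=False models the behaviour in the report (local names only);
    check_global=True also compares against the central account list.
    """
    found = conflicts(candidate, LOCAL_ACCOUNTS.get(wiki, []))
    if check_global:
        found += [n for n in conflicts(candidate, GLOBAL_ACCOUNTS) if n not in found]
    return (not found, found)


if __name__ == "__main__":
    lookalike = "ExampIeAdmin"  # capital I in place of lowercase l
    for mode in (False, True):
        print("check_global=%s ->" % mode, can_create("xhwiki", lookalike, mode))
```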

Details

Reference
bz15545

Event Timeline

bzimport raised the priority of this task from to Low. (Nov 21 2014, 10:17 PM)
bzimport added a project: AntiSpoof.
bzimport set Reference to bz15545.
bzimport added a subscriber: Unknown Object (MLST).

soxred93 wrote:

Changing to MediaWiki extensions, as AntiSpoof is an extension

soxred93 wrote:

*** Bug 15841 has been marked as a duplicate of this bug. ***

mike.lifeguard+bugs wrote:

Updated summary.

*** Bug 19869 has been marked as a duplicate of this bug. ***

Duping against bug 28747 as that's where the work has been done

*** This bug has been marked as a duplicate of bug 28747 ***