Re: Maemo.org security vulnerability?
Quote:
Originally Posted by Jaffa
(Post 779375)
Then can you please do one of: - Attach it to a new bug report, including details of what you did to get there; the username you've logged on with and a series of screenshots showing each expanded menu entry.
- Crop it and re-attach.
|
I'm very sorry man, it's been a few days and when HellFlyer said that Reggie saw it and it's all ok I deleted the screenshot, I figured you either didn't really care or you knew about it..
Anyway my guess (just a hypothesis) is that Midgard has a serious flaw in that it checks the validity of the username and password independently. In other words, you can, in theory, log in with a user name from any valid account and a password from any other valid account. I'm saying this because basically what happened was I logged in with Safari but I only wrote my username and the browser filled in the password for me (must have been another password because I don't usually use Safari). I was then logged in as Technical GanXta instead of giecsar, as you can see from the screenshot (that text is actually readable). |
