Bug Users can be tricked into starting connected account association

Thread starter Kirby
Start date Tuesday at 3:07 PM

There is a bug in this version

Kirby

Guest

Tuesday at 3:07 PM

Starting a connected account association is done via GET, this allows to trick users into clicking a link that starts a connected account association which they might not want to perform.

Example
Start associate account with Google

Suggested Mitigation
Only start the process with POST, if called via GET show a confirmation (or an error if it's not a navigational request).

Continue reading...

You must log in or register to reply here.

Similar threads

Ques/Help delete spam cleaned users in one go

Replies: 0

Views: 34

XenForo General Discussions Apr 10, 2025

sam2019

Ques/Help How can I mass move users to another forum?

Replies: 0

Views: 54

XenForo General Discussions Mar 25, 2025

Garfield™

Ques/Help How do I disable sending emails to all users for topics I follow?

Replies: 0

Views: 76

XenForo General Discussions Mar 18, 2025

Hareon

Ques/Help IP address not logging for new users

Replies: 0

Views: 54

XenForo General Discussions Mar 5, 2025

Hobbes

Ques/Help What is the best way to bulk give users User Upgrades (with expiry dates)?

Replies: 0

Views: 74

XenForo General Discussions Mar 3, 2025

BubbaLovesCheese

Facebook X (Twitter) Reddit Pinterest WhatsApp Email Link

Top Bottom

Back

Welcome To The Geeks-Board!
For full use of the forum, you need to register. The registration will take only 1 minute and after that, you can enter and read topics. So don't hesitate and register now!
Log in Register
🔥 Hardware & Software Products
🔥 Android Devices Support
🔥 Web Development

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Search

Search

Bug Users can be tricked into starting connected account association

Kirby

Guest

Similar threads