BuddyDev

Search

[Resolved] Maybe an exploit in Autologin after activation

  • Participant
    Level: Enlightened
    Posts: 69
    Christopher Niedzwiecki on February 4, 2016 at 10:22 pm #2548

    I had this plugin activated and manually activated a friends account with administrator account. It automatically logged me out of admin account and into his account. Not sure if this can be used to hack into profiles or be exploited by other users, but I thought I would mention it.

  • Keymaster
    (BuddyDev Team)
    Posts: 24211
    Brajesh Singh on February 5, 2016 at 4:49 am #2549

    Hi Christopher,
    Thank you for posting.
    It is not an exploit as it will never escalate the rights of the user but still it is a bad user experience. I will have an update today. We shomehow missed this in our test and I apologize for that.

    Thank you
    Brajesh

  • Participant
    Level: Enlightened
    Posts: 69
    Christopher Niedzwiecki on February 5, 2016 at 6:17 pm #2558

    Oh, it’s all good. I just thought I would let you know 🙂

  • Keymaster
    (BuddyDev Team)
    Posts: 24211
    Brajesh Singh on February 5, 2016 at 7:39 pm #2559

    Thank you. I appreciate you reporting the issue.
    Have just fixed it. Please upgrade to 1.0.3 from here

    https://buddydev.com/plugins/bp-autologin-on-activation/

    Please do let me know if that works for you or not?

    Thank you
    Brajesh

  • Participant
    Level: Enlightened
    Posts: 69
    Christopher Niedzwiecki on February 5, 2016 at 10:52 pm #2564

    Works good as far as I can tell. Good work 😀

  • Keymaster
    (BuddyDev Team)
    Posts: 24211
    Brajesh Singh on February 6, 2016 at 5:32 am #2567

    Hi Christopher,
    Thank you.

    Marking it as resolved now.

The topic ‘ [Resolved] Maybe an exploit in Autologin after activation’ is closed to new replies.

This topic is: resolved