[tor-bugs] #2521 [Tor Weather]: Weather shouldn't use the confirm_auth string in the URL of the /pending/ page
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 5 13:44:51 UTC 2015
#2521: Weather shouldn't use the confirm_auth string in the URL of the /pending/
page
-----------------------------+-------------------
Reporter: kaner | Owner: kaner
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Weather | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+-------------------
Comment (by Michanek):
I just used this flaw to manage several subscriptions that I otherwise
couldn't have accessed.
Thanks for the tip :-)
I have control over the email address but no longer access to the original
confirmation messages with the URLs for updating and unsubscribing. If
this is fixed there have to be a way to resend the correct URLs to the
subscribers email address.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2521#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list