Cloudron Forum


mcgiwer

@mcgiwer
About
Posts
2
Topics
1
Shares
0
Groups
0
Followers
0
Following
0

Posts


  • Security bug that allows unauthorized access
    M mcgiwer

    @nebulon I mean the place where all users are listed.

    There is a risk that the password change may be misused to gain unauthorized access to someone else's account. All because of the fact that the password change form asks for neither the old password nor the 2FA key (if it's enabled for the user).

    The best example of that is visible in the online demo.

    Support security password

  • Security bug that allows unauthorized access
    M mcgiwer

    I want to report a serious security bug that allows unauthorized access to someone else's account.

    Description:

    The password change option generates a password change link, which verifies neither the old password nor the 2FA (if enabled) and allows changing another user's password and then accessing that profile.

    Support security password