[OpenStreetMap] #5236: User somehow using the name 'forgot-password' which redirrects to reset password page if clicked
OpenStreetMap
trac at noreply.openstreetmap.org
Thu Oct 2 12:12:20 UTC 2014
#5236: User somehow using the name 'forgot-password' which redirrects to reset
password page if clicked
---------------------------+-------------------------
Reporter: rickmastfan67 | Owner: rails-dev@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: website | Version:
Keywords: |
---------------------------+-------------------------
Could this be a security risk? (if not, please downgrade the 'priority')
Here's a link to a changeset that this user made:
https://www.openstreetmap.org/changeset/25403764
If you click on his name in the 'Closed 19 days ago by' area, you are sent
directly to the OSM password reset page (and if you're logged in, your
e-mail is displayed in the reset box). Also, because of this username he's
'using' there is no way to see his main 'user' page like the profile of
anybody else.
--
Ticket URL: <https://trac.openstreetmap.org/ticket/5236>
OpenStreetMap <http://www.openstreetmap.org/>
OpenStreetMap is a free editable map of the whole world
More information about the rails-dev
mailing list