Important security issue: one can see all responses
Hi Maverick,
I found an important security issue in the front-end.
It is possible for unregistered users to get all responses in all surveys by simply brute-forcing the response-id (in some cases it is very easy because a malefactor only has to decrease his response-id by 1).
Try to log out and type the two following URLs:
DELETED
You see the exact answers of two different users!
In the first case, the answer was "A", in the second "B".
Why it is important:
1. First, it is a security issue that leads to data disclosure
2. It is easy to write a simple script that will steal all exact answers of all users for all surveys
3. A user can answer some survey and then just change "rid" in the URL to see what other users answered (that is how I found this issue).
Since it affects the data disclosure policy of all users for all surveys, it would be nice if you could fix it ASAP.
Regards,
Eh
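The server-side check whose absence the report above describes, as an added example that is not part of the original post or of the survey software's code: a lookup keyed only on a sequential "rid" beside one that also requires either an authenticated survey administrator or the unguessable token issued to the respondent. The store, the function names, the `survey_owner` account and the token scheme are all assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample data: sequential response ids, as in the report.
# Each response gets a random view token at submission time (assumed scheme).
RESPONSES = {
    101: {"survey": 7, "answer": "A", "view_token": secrets.token_urlsafe(32)},
    102: {"survey": 7, "answer": "B", "view_token": secrets.token_urlsafe(32)},
}
# Hypothetical mapping of survey id -> accounts allowed to read every response.
SURVEY_ADMINS = {7: {"survey_owner"}}


def view_response_vulnerable(rid, session_user=None):
    """Behaviour described in the post: knowing (or guessing) rid is enough."""
    rec = RESPONSES.get(rid)
    return rec["answer"] if rec else None


def view_response_checked(rid, session_user=None, token=None):
    """Return the answer only to a survey admin or to the holder of the token."""
    rec = RESPONSES.get(rid)
    if rec is None:
        return None
    # Authenticated administrators of this survey may read any of its responses.
    if session_user is not None and session_user in SURVEY_ADMINS.get(rec["survey"], set()):
        return rec["answer"]
    # A respondent proves ownership with the token tied to this one response;
    # the comparison is constant-time so the token cannot be guessed bytewise.
    if token and hmac.compare_digest(token.encode(), rec["view_token"].encode()):
        return rec["answer"]
    # Same result as an unknown rid, so valid ids cannot be told apart.
    return None


if __name__ == "__main__":
    print(view_response_vulnerable(102))   # logged-out caller still gets "B"
    print(view_response_checked(102))      # logged-out caller gets None
    print(view_response_checked(101, token=RESPONSES[101]["view_token"]))
```

With the checked version, changing "rid" in the URL returns nothing unless the caller also presents the token issued for that specific response.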