[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] [bugs #6958] bugs in email address change confirmatio
|
From: |
Sylvain Beucler |
|
Subject: |
[Savannah-hackers] [bugs #6958] bugs in email address change confirmation |
|
Date: |
Sat, 21 Aug 2004 19:49:50 -0400 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040207 Firefox/0.8 |
This mail is an automated notification from the bugs tracker
of the project: Savannah Administration.
/**************************************************************************/
[bugs #6958] Full Item Snapshot:
URL: <http://savannah.gnu.org/bugs/?func=detailitem&item_id=6958>
Project: Savannah Administration
Submitted by: Norbert Bollow
On: Tue 12/23/2003 at 11:09
Category: None
Severity: 5 - Average
Item Group: None
Resolution: None
Privacy: Public
Assigned to: None
Status: Open
Summary: bugs in email address change confirmation
Original Submission: There are several problems in the system for confirming
email address change.
The most serious issue is that the confirmation email which is intended to be
sent to the new email address goes to the old email address instead, so that it
does not achieve its intended purpose of ensuring that the new email address
works.
The warning email which should go to the old email address goes to the new
email address instead. Also there is a typo in this email message... "if
maybe" should read "is maybe".
The system also generates a bogus error message "Database updated [#1]; The
system reported a failure when trying to send the confirmation mail. please
retry and report that problem to administrators [#2];" (I received those
confirmation emails alright.)
Follow-up Comments
------------------
-------------------------------------------------------
Date: Sun 02/29/2004 at 09:33 By: Sylvain Beucler <Beuc>
It seems e-mails go to the right addresses now:
- confirm to the new e-mail
- discard to the old e-mail
The only bug is that discarding after confirming does not put back the old
e-mail, which means if you want an e-mail change, the system will send the
'discard' e-mail to the new e-mail, that is the attacker's, and it will be
difficult to put back the old adress if the attacker can discard the changes at
any time. Moreover, the attacker still can have a password change e-mail to him
meanwhile...
I moved the typo to support #6957
The bogus error message still appears and somebody has to check it.
-------------------------------------------------------
Date: Fri 01/23/2004 at 19:24 By: Paul D. Smith <psmith>
I see these problems with email sent to the wrong address too.
But not only that, the confirmation email is not correct; whenever I get the
email and try to use the link I get an error saying the hash is incorrect, and
my email address doesn't get changed.
For detailed info, follow this link:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=6958>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-hackers] [bugs #6958] bugs in email address change confirmation,
Sylvain Beucler <=