[Savannah-help-public] [sr #107281] Verification of account email changes is ineffective (try 2)

[Matt McCutchen]

URL:
  <http://savannah.gnu.org/support/?107281>

                 Summary: Verification of account email changes is
ineffective (try 2)
                 Project: Savannah Administration
            Submitted by: hashproduct
            Submitted on: Wed 24 Feb 2010 02:37:52 PM EST
                Category: Savannah website
                Priority: 5 - Normal
                Severity: 6 - Security
                  Status: None
             Assigned to: None
        Originator Email: 
        Operating System: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

My sr #107268 was wrongly closed and I am unable to reopen it, so I am
submitting another ticket with a (hopefully) clearer explanation of the
problem.

AIUI, the goal of the email confirmation mechanism in Savannah is to prevent
a user from setting an account email address that she does not own.  It works
by sending a secret confirmation link to the new address; the user is required
to click the link to complete the change.  Savannah also sends a link to the
old address offering to cancel the change.

However, the mechanism as currently implemented does not achieve the goal
because the confirmation link can be easily derived from the cancellation link
by changing one query parameter at the end.  Hence, a user can change his/her
account email address to an address she does not own, just using the
cancellation link received at her old address.




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107281>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/