Ticket #1686 (new defect)

Opened 2 years ago

security issue of identical user IDs

Reported by: tracguest
Assigned to: fguillaume
Priority: P2
Milestone: CPS 3.5.0
Component: CPS (global)
Version: 3.4.1
Severity: normal
Keywords:
Cc:

Description

I use the same ID on different CPS sites on the same Zope instance. I can log in on site A and go to a URL of site B without logging in again. That's fine for this use case.

But I guess it also means that a user has access to another user's spaces on other CPS sites on the same server if they have by chance the same user ID. Is that true? If yes, it is a real problem for self-registration, isn't it?