Skip to content
This repository has been archived by the owner on Jul 24, 2021. It is now read-only.

User somehow using the name 'forgot-password' which redirrects to reset password page if clicked #5234

Closed
openstreetmap-trac opened this issue Jul 23, 2021 · 1 comment

Comments

@openstreetmap-trac
Copy link

Reporter: rickmastfan67
[Submitted to the original trac issue database at 9.16pm, Wednesday, 1st October 2014]

Could this be a security risk? (if not, please downgrade the 'priority')

Here's a link to a changeset that this user made: https://www.openstreetmap.org/changeset/25403764

If you click on his name in the 'Closed 19 days ago by' area, you are sent directly to the OSM password reset page (and if you're logged in, your e-mail is displayed in the reset box). Also, because of this username he's 'using' there is no way to see his main 'user' page like the profile of anybody else.

@openstreetmap-trac
Copy link
Author

Author: TomH
[Added to the original trac issue at 12.43pm, Thursday, 2nd October 2014]

Fixed in [changeset:c83778d/rails]

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant