Medium Crowd's OpenID server allows creation of different profiles. On modification, the security check for ownership of the profile is insufficient and may allow a malicious user to intentionally modify another user's profile.
Crowd OpenID server does not enforce profile ownership for edits
- Assignee:
-
joe
- Reporter:
-
- Votes:
-
0 Vote for this issue - Watchers:
-
3 Start watching this issue
- Created:
- Updated:
- Resolved: