Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-3465

Crowd OpenID server does not enforce profile ownership for edits

    XMLWordPrintable

Details

    Description

      Crowd's OpenID server allows creation of different profiles. On modification, the security check for ownership of the profile is insufficient and may allow a malicious user to intentionally modify another user's profile.

      Attachments

        Issue Links

          derived from

          Bug - A problem which impairs or prevents the functions of the product. CWD-3464 Authorization bypass

          • Highest - Our top priority issues
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. CWD-3467 Crowd OpenID server does not enforce profile ownership for viewing

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              jwalton joe
              jwalton joe
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: