Thursday, February 14, 2008 seems to have nice round hole in their security

I was trying to register on their forum and accidentally found myself logged in under another user.

How did I do so:

1) Hit the Login/Join button
2) Proceed to the registration form
3) Feel it as they wish to
4) Enter instead of the desired username a username of an existing user
5) Press submit.

That's it. I've received the confirmation email and found myself under the user which was registered several years ago and have some posts. I even managed to create a post and now having the discussion.

No comments: