# JAE - please fix the "logged in as someone else" i



## jampott (Sep 6, 2003)

Jae,

I keep finding myself logged in as other users, which leads me to believe they could also be logged in as me...

This poses a MAJOR security risk, and I'm reasonably sure you (and Cogbox) are in breach of the DPA by making my details available to people who log in "accidentally" as me, without my express consent.

Please be aware this is a VERY serious issue, as far as I am concerned.

You are responsible for the security of this site, and the user information and accounts should be held sacred. Sort it out.


----------



## coupe-sport (May 7, 2002)

Your PMs become visible too...

Worth deleting any 'interesting' ones you may have

Just looked at my profile - not really any sensitive info coming to light though, Tim? - what are you concerned about??

James.


----------



## jampott (Sep 6, 2003)

coupe-sport said:


> Your PMs become visible too...
> 
> Worth deleting any 'interesting' ones you may have
> 
> ...


IMs are one - but even those people who choose not to display their email address will have it displayed, I expect. Not to mention the ability to do something malicious.


----------



## kmpowell (May 6, 2002)

jampott said:


> Jae,
> 
> I keep finding myself logged in as other users, which leads me to believe they could also be logged in as me...
> 
> ...


Tim, I 100% agree with you, but nobody seems to be able to get hold of Jae. :?

In the meantime, I 'think' I have tracked a solution. It is only affecting people who 'remain logged in' or don't log out when they leave the forum. This I think is not deleting the cookie from the server, hence the muddle ups with open sessions which are happening.

To get round it, ALWAYS 'log out' when you leave the forum.


----------



## DXN (May 18, 2002)

Jae sent me back a PM on 19 and said he 'applied a different patch for the virus attack that happened the other week.'

Mean anything to you guys?


----------



## scoTTy (May 6, 2002)

Jae only appears to have time for dust caps at the moment. :x


----------



## omen666 (Oct 10, 2004)

The phpBB software used for the site is the likely source of the problem. This software is built by an independent group and licensed as open source (free). They are good at closing 'holes' quickly so when they release the fix Jae will have to apply.

I haven't bothered to search the phpBB forum, but I'm sure they are working on it. They are normally very responsive.

Once fix is available, Jae will have to apply. In the meantime it is a case of closing browser after each dig around and you won't have problem.

To find what's new when you return try http://www.********.co.uk/ttforumbbs/se ... d=newposts

Jae, I think a short update would help.


----------



## Chip_iTT (Nov 14, 2003)

I suspect this is related to the 'can't keep logged in' problem... both are due to corrupted cookies...

KMP's answer may well be a workaround for now...


----------



## omen666 (Oct 10, 2004)

[smiley=dunce2.gif]


----------



## omen666 (Oct 10, 2004)

[smiley=stupid.gif]


----------



## jdn (Aug 26, 2002)

I have also noticed some different behaviour - when I visit the forum for the first time of an evening, all the forum sections and topic folders are correct - i.e. new post flags are correct. However, if I close the browser then immediately return to the site all topics and forum sections are marked as read.

Seems there is an issue with cookies and sessions. Hope it is an easy fix.

(PS - hope this post is me...)


----------



## KevinST (May 6, 2002)

The bug was introduced when Jae applied the patch to fix the worm attacks. It appears that the session ID for each user is duplicated because of the number of worm attacks (sessions being created and then deleted).

I did some research on phpBB forum - and got no response (last time I looked). I'll check again later... but I'm currently in NZ enjoying myself (and no longer officially help out on the forum :wink: )


----------
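
Added example, not part of the thread and not phpBB's code: the post above attributes the cross-login to duplicated session IDs. This Python sketch shows why a reused ID rebinds one user's cookie to another account when the session store writes blindly, and how CSPRNG-generated IDs plus an insert-if-absent check prevent it. `unsafe_create`, `SessionStore` and the repeating ID generator are hypothetical names and constructed input.

```python
import itertools
import secrets


def unsafe_create(rows, sid, user_id):
    """'Before' behaviour: blind write, so a reused ID silently rebinds the session."""
    rows[sid] = user_id
    return sid


class SessionStore:
    """In-memory stand-in for a forum's sessions table (hypothetical, not phpBB's schema)."""

    def __init__(self, new_id=lambda: secrets.token_hex(16)):
        self._new_id = new_id   # default: 128-bit ID from the OS CSPRNG
        self._rows = {}         # session_id -> user_id
        self.collisions = 0     # issuance attempts that hit a live ID

    def create(self, user_id, max_tries=5):
        """Issue an ID, refusing any value already bound to a live session."""
        for _ in range(max_tries):
            sid = self._new_id()
            if sid not in self._rows:
                self._rows[sid] = user_id
                return sid
            self.collisions += 1    # worth logging and alerting on in a real deployment
        raise RuntimeError("could not allocate a unique session ID")

    def user_for(self, sid):
        return self._rows.get(sid)


def demo():
    # Constructed input: a generator that repeats "aa", standing in for any source of duplicate IDs.
    rows = {}
    alice_cookie = unsafe_create(rows, "aa", "alice")
    unsafe_create(rows, "aa", "bob")
    before = rows[alice_cookie]             # alice's cookie now resolves to bob

    weak = itertools.cycle(["aa", "aa", "bb"])
    store = SessionStore(new_id=lambda: next(weak))
    alice_cookie = store.create("alice")    # gets "aa"
    bob_cookie = store.create("bob")        # "aa" rejected, gets "bb"
    return before, store.user_for(alice_cookie), store.user_for(bob_cookie), store.collisions


if __name__ == "__main__":
    print(demo())
```

A non-zero `collisions` count with 128-bit random IDs would itself indicate a broken generator, which makes it a useful signal to monitor.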



## scoTTy (May 6, 2002)

From the message I got from Jae I believe this to now be resolved. Please advise if you experience this again.


----------



## Neil (May 7, 2002)

scoTTy said:


> From the message I got from Jae I believe this to now be resolved. Please advise if you experience this again.


Just been logged in as A3DFU :?

So presumably not fixed


----------



## jampott (Sep 6, 2003)

I've just been logged in as CuTTsy...

http://www.********.co.uk/ttforumbbs/vi ... 664#407664

So it's not fixed...


----------

