Re: serious security issue #login


Andy Wedge
 

On Sun, May 17, 2020 at 03:57 PM, Peter Cook wrote:
When I clicked on this link, I was immediately logged into her account without being asked for her password. Does anyone besides me see this as a serious security breach? Wouldn't it make sense that someone clicking on this would be required to enter a password?
If you look at the member's manual you will see that logging in by having a link emailed to you is perfectly legit and the way the system is designed to work. The link is personalised for the intended recipient so the security issue is really the fact that your member shared it with you - they effectively gave you the password to enable you to login to their account.

Andy

Join GroupManagersForum@groups.io to automatically receive all group messages.