id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
16370	Vulnerability: Comment posting by Guest	igisev		"If, on the ""Discussion Settings"" console page,[[BR]]
""Users must be registered and logged in to comment"" is checked,[[BR]]
then any visitor can leave comments on the site.

But if a guest knows the email and/or ""display name"" of any registered user, he can leave a comment as though it was this user!

For example:[[BR]]
Admin Email is 'admin[at]myblog.com'. Admin display name is 'Administrator'.[[BR]]
The guest fills out the comment form with:[[BR]]
Name: Administrator[[BR]]
E-Mail: admin[at]myblog.com[[BR]]
and presses the ""Submit Comment"" button.[[BR]]

[[Image(http://img838.imageshack.us/img838/3365/63231804.th.gif)]][[BR]]
Full size image: [http://img838.imageshack.us/img838/3365/63231804.gif]

As a result, the visitor's comment and the Administrator's comment look absolutely identical! =/[[BR]]
[[Image(http://img193.imageshack.us/img193/274/41043977.th.gif)]][[BR]]
Full size image: [http://img193.imageshack.us/img193/274/41043977.gif]

What can you say about this? =("	defect (bug)	closed	normal		Comments	3.0.4	normal	duplicate	comment posting guest	
