User Nickname duplication is possible (they are not unique)
|Reported by:||ffosterdd||Owned by:||anonymous|
I have a forum where any user can register. I have noticed in my testing that if my admin has the nickname: "Stupidhead" (or any other nickname) that other users (at least as low as author) can make thier nickname also be "Stupidhead", and have it be displayed as such.
This allows users to masquerade as other users. I think this might be a security issue, depending on how you define security
I don't think this should be allowed... there should be a check before a nickname is set (or at least before a user can set his nickname to one already in use).
Change History (4)
comment:1 Viper007Bond — 6 years ago
- Priority changed from high to normal
- Severity changed from normal to minor