mahara-contributors team mailing list archive

[Bug 1106529] Re: Unapproved Account shows Approved

 

** Information type changed from Private Security to Public Security

** Changed in: mahara
       Status: Expired => Invalid

** Changed in: mahara
       Status: Invalid => Won't Fix

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1106529

Title:
  Unapproved Account shows Approved

Status in Mahara ePortfolio:
  Won't Fix

Bug description:
  Version: mahara (1.2.6-2+squeeze6) or previous --- installed on
  squeeze via repos in AUG 2012...

  A user requested an account via the self registration page.
  An email was sent to the administrator to alert the need to approve the account.
  The administrator did not yet approve the account, but the account was fully activated anyway.
  Details:

  Fully functional Mahara installation.
  Self-registration process had worked previously and correctly without incident for many users.
  This one account became active without anyone approving the account.

  The user requesting the account was using the Opera Mini Browser -
  which caches and reformats all data.

  The account request generated an email to the user and the admin account holder.
  The admin account holder was logged in at the time of the request.
  The user clicked "Forgot Password" several times.
  The admin account holder checked the approval queue and it was empty.
  However, the user account seemed to be fully functional without any approval being granted.

  No other user with self-registration experienced this problem - it was
  unique to the user operating with the Opera Mini Browser which uses
  the Opera Proxy network... (possibly an unintended replay attack using
  the registration key and caching the results of the email??)

  Since this may be related to other security issues listed for older
  versions of Mahara - The website has been upgraded to the latest
  version (1.6.2) and no further problems have been noted...

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1106529/+subscriptions