locked
serious security issue : I landed on another person's account ! RRS feed

  • Question

  • Hello,

     

    I'm no hacker ... just cliked my browser's back button and I landed on another person's account !

    Hit the same button again and landed on another page, but still not mine.

     

    http://webmaster.live.com/webmaster/WebmasterAddSitesPage.aspx?form=JPWA

     

    FYI, I was using Firefox 3 beta 4 if it's relevant ot he case. Of course I didn't touch anything, but I could easily have deleted data ...

     

    I have screenshots but I don't believe that this forum has a way to display attachments. Anyway I can email them if somebody needs to investigate.

     

    This seems a serious security issue.

    Thursday, May 1, 2008 9:05 AM

Answers

  • Hi,

     

    Thanks for the info. I'll report this to the people who need to know.

     

     

    Thanks,

     

    Brett

    Friday, May 2, 2008 8:36 PM
  • Thanks for the screenshot and info. Please send me more screenshots if you repro this again.

     

     

    Brett

     

    Monday, May 5, 2008 5:03 PM

All replies

  • Yeah, I had the same thing happen to me today. I'm using FF 2.

    After I refreshed the page a few times my own account appeared.
    Thursday, May 1, 2008 10:34 AM
  • I just had the same thing happen, adding a new site I returned to someone else's list, even clicking 'log out' still meant I was viewing this list.

    Thursday, May 1, 2008 10:47 AM
  • Hi,

     

    Thanks for the info. I'll report this to the people who need to know.

     

     

    Thanks,

     

    Brett

    Friday, May 2, 2008 8:36 PM
  • If you could please send the screenshot to my hotmail account (brett_yount...) I would appreciate it. I've been trying to reproduce the error, but have not been able to so far.

    Thanks,

    Brett
    Friday, May 2, 2008 9:05 PM
  •  

    Brett, I'll try to get a screenshot but just to confirm we also saw the same thing again with FF 2.0.14.  Hasn't happened since seems like some weird cache issue.

     

     

    PromoManagers

    Monday, May 5, 2008 12:57 AM
  • Thanks for the screenshot and info. Please send me more screenshots if you repro this again.

     

     

    Brett

     

    Monday, May 5, 2008 5:03 PM