Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-90944

Author of an anonymous message board post can be exposed via portal admin impersonating them

    Details

      Description

      The author of an anonymous message board post can see and edit their post under the "My Posts" tab. Which means anyone else impersonating them can also either intentionally or accidentally discover the true author.

      1) In a malicious setting the impersonator can guess at a range of users who may have made a posting and quickly scan all of the "My Posts" tabs in question.

      2) In an accidental setting a user may have requested help and the impersonator happens to come across the anon posts in the "My Posts" tab.

      Expected
      User is truly posting a message that can't be traced back to them

      Actual
      It's still possible to act maliciously to expose the true author and the user may also accidentally expose themselves if requesting support.

        Attachments

          Activity

            People

            • Assignee:
              samuel.kong Samuel Kong
              Reporter:
              lee.jordan1 Lee Jordan
              Participants of an Issue:
              Recent user:
              Michael Saechang
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                34 weeks ago

                Packages

                Version Package