Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-90944

Author of an anonymous message board post can be exposed via portal admin impersonating them

    Details

      Description

      The author of an anonymous message board post can see and edit their post under the "My Posts" tab. Which means anyone else impersonating them can also either intentionally or accidentally discover the true author.

      1) In a malicious setting the impersonator can guess at a range of users who may have made a posting and quickly scan all of the "My Posts" tabs in question.

      2) In an accidental setting a user may have requested help and the impersonator happens to come across the anon posts in the "My Posts" tab.

      Expected
      User is truly posting a message that can't be traced back to them

      Actual
      It's still possible to act maliciously to expose the true author and the user may also accidentally expose themselves if requesting support.

        Attachments

          Activity

            People

            Assignee:
            samuel.kong Samuel Kong
            Reporter:
            lee.jordan1 Lee Jordan
            Participants of an Issue:
            Recent user:
            Michael Saechang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              1 year, 35 weeks, 1 day ago

                Packages

                Version Package