Users Can View Protected Threads

By thetrials
October 21, 2015 in Technical Problems

Recommended Posts

thetrials

Posted October 21, 2015

Just posted this as a Bug but wanted to share as well in-case anyone else has experience with this. On our forum we have sub-forums that are only visible to specific user groups and protected by a Password. However, we just discovered that regular users who do not have rights to the forum are able to see the names of topics created in the forum when they click on a users profile. Specifically this shows under currently in a users profile. This has proven to be a security vulnerability for our forum since it means users can see topic names from a protected forum. See included screenshot. The topic next to Currently: is in a protected forum and this is viewable my a regular member.

Note that it seems this also affects the online users list as well.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

Recently Browsing 0 members
- No registered users viewing this page.

Create New...

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

Users Can View Protected Threads

Recommended Posts

thetrials

Archived

Recently Browsing 0 members

More