PHP :: Bug #56718 :: I was randomly logged in as someone else

Bug #56718	I was randomly logged in as someone else
Submitted:	2005-12-11 14:13 UTC	Modified:	2006-02-18 08:16 UTC
From:	kevin at cookfamily dot tv	Assigned:	pajoye (profile)
Status:	Closed	Package:	PECL website (PECL)
PHP Version:	5.0.2	OS:	WIN XP Pro
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	kevin at cookfamily dot tv
New email:
PHP Version:		OS:

New Comment:

[2005-12-11 14:13 UTC] kevin at cookfamily dot tv

Description:
------------
While on the PEAR site, I noticed that, without ever logging in myself, I was randomly logged in as someone else.
It should be noted that other log in/out bugs occur when users are logged in.  I was not logged in and I have never had a user account at the site.

Here's an email I sent to the gentleman whose identity I briefly took over:

Hello, Kevin.

On 11 Dec 2005 03:39:32 -0000, kevin cook <kevin@cookfamily.tv> wrote:

>> [This message has been brought to you via pear.php.net.]
>>
>> While browsing the PEAR site, I noticed that it said that I was logged
>> in as Anatoly Techtonik.
>>
>>
>>
>> How can this be?
>>

Frankly speaking, I do not know, because I do not have access to PEAR
website sources or to pear.php.net server. But I've seen Pierre
reported troubles with pearweb database and mentioned some cache
troubles recently, so it can be that id's in database messed up or
session cookies gone bad. The reasons for this mess can vary. It may
be security breach with XML-RPC in the past, bug in PEAR DB package,
some experimental code in pearweb or server misconfiguration
(cvs.php.net moved to a new server this morning).

>>
>>
>> Is this a bug in the site?
>>

Definitely. If you decide to report it you may attach this message. In
addition from my side - when I am on the main/documentation/news or
other static page I'm not logged in, but when I follow "login" page
pearweb tells me I'm already logged in. And I'm always logged in on
dynamic pages such as bugreporting or pepr proposal/package edition
pages.

>>
>>
>> Thought you should know.
>>

Thank you.

--
--t.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-02-18 08:16 UTC] pajoye@php.net

This bug has been fixed in CVS.

If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 02:02:52 2024 UTC