Critical Security Bug
I just wanted to make everyone aware of a bug that I just found out about (I have sent a bug report to Lussumo's mail). I'll just cite myself:
Title: Critical Security Bug and a less important one
Ok, first the less important one.
I have found some visual problems when running FreeBSD 5.4 (on an AMD64) with Firefox and Konqueror. Take a look at this screenshot: http://zetterlund.biz/buggg.png
And now the critical security bug, which I'm surprised hasn't been noticed yet.
Well, there's not much to say. I was posting a link to a thread in my Vanilla forum to a friend and didn't think much else of it, but when he opened it in his browser he noticed that he got logged in as ME! I'm the administrator on my forum, he is nothing but a normal user - lucky me that he's a friend. When he found out he told me and tried posting with my name, and that worked. He also changed some stuff in settings to try it out, and that also worked fine!
From what we can tell, the problem is that PHPSESS was in the URL that I gave him. Which average user would think of that? I should have done that but I was tired and... really, it shouldn't happen. Anyways, I got a screenshot, but there's nothing special about it; it looks like he is logged in like me: http://zetterlund.biz/error2.png
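
One way to keep a session ID out of shareable links, as an added example that is not part of the original post and not Vanilla's own code. It assumes PHP 7.3 or later and cookie-based sessions; the function names are hypothetical.

```php
<?php
// Added example (hypothetical helper names): never accept or emit a session ID in a URL.

function harden_session_settings(): void
{
    // Take the session ID from a cookie only, never from GET/POST parameters.
    ini_set('session.use_only_cookies', '1');
    // Stop PHP from rewriting links and forms to append the session ID.
    ini_set('session.use_trans_sid', '0');
    // Reject session IDs that this server did not issue.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'httponly' => true,                      // not readable from page scripts
        'secure'   => !empty($_SERVER['HTTPS']), // HTTPS-only when served over HTTPS
        'samesite' => 'Lax',
    ]);
}

// Return the path and query with the session parameter removed,
// or null when the URL carried no session parameter.
function url_without_session_id(string $url, string $sessionName): ?string
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['query'])) return null;
    parse_str($parts['query'], $query);
    if (!array_key_exists($sessionName, $query)) return null;
    unset($query[$sessionName]);
    $clean = $parts['path'] ?? '/';   // path only, so the redirect stays on this host
    if ($query) $clean .= '?' . http_build_query($query);
    return $clean;
}

function start_hardened_session(): void
{
    harden_session_settings();        // must run before session_start()
    // Old bookmarks or pasted links that still carry an ID are sent to the clean URL.
    $clean = url_without_session_id($_SERVER['REQUEST_URI'] ?? '/', session_name());
    if ($clean !== null) {
        header('Location: ' . $clean, true, 302);
        exit;
    }
    session_start();
}

// Issue a fresh ID at login so an ID seen before authentication is worthless afterwards.
function on_login_success(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}
```

Call `start_hardened_session()` at the top of every request in place of a bare `session_start()`, and `on_login_success()` once credentials have been verified.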