hjtrhodes / bald-bible

Final Makers Projects - Bald Bible Pinterest style App

Security Vulnerability - Users are able to create accounts with duplicate usernames. #37

Open ChalkandFeather opened 10 months ago

ChalkandFeather commented 10 months ago

Please scroll down to the recent comments for an update.

The Issue: Users are able to create accounts with duplicate usernames.

Steps to reproduce: Navigate to the 'sign-up' page. Enter a username that is already in the database (MongoDB baldbible Users). Complete the sign-up process.

Priority: P2 (moderately high). Frequency (1 to 5): 3 (5). Severity (1 to 5): 4 (high).

Expected Behaviour: User registration should prevent the creation of accounts with duplicate usernames. An error message should be displayed, indicating that the chosen username is already taken.

Actual Behavior: The registration process is completed successfully, even when using a username that already exists in the system. No error or warning is shown.

Potential Security Implications: Identity confusion: Users may be able to impersonate others with the same username. Account takeover risk: This could lead to unauthorised access to accounts with common usernames.

Recommendations: Urgently implement a fix to enforce unique usernames during the registration process. Perform a thorough review of other related security measures to ensure the integrity of user accounts.

ChalkandFeather commented 10 months ago

This has been updated! Users are no longer able to create an account with a duplicate username. This is the message generated with a duplicate username entry: "Please fill in all required fields".

Recommended: a more specific message, "Username already registered. Please try a different username", AND an asterisk to denote the affected field.

ChalkandFeather commented 10 months ago

Backend crashes when a user attempts to create an account with an existing username.

Please see the previous comment's recommendation for additional info.