wathne
commented
2 weeks ago Tentatively fixed by wathne https://github.com/wathne/dat250-2024-assignment/commit/5f71ed94ce482f703e605f54d4d7a151be1a9911
See also relevant commits by wathne and LisaCabot.
Sessions by wathne https://github.com/wathne/dat250-2024-assignment/commit/5f71ed94ce482f703e605f54d4d7a151be1a9911 https://github.com/wathne/dat250-2024-assignment/commit/74606aa24f0dad8e4f9ed22f7524c89e53d48901 https://github.com/wathne/dat250-2024-assignment/commit/b12666dc532db3d4e92156f01dc3cab458d63085 https://github.com/wathne/dat250-2024-assignment/commit/2bdfbbca3d5af7f8d112c2182c9a077fc9039f1b https://github.com/wathne/dat250-2024-assignment/commit/64b6eb4eba2cb89b34070b0a1a7e70c66722d04f
Input validation by LisaCabot https://github.com/wathne/dat250-2024-assignment/commit/293c397cf9618bedfb7efce62eb724e83669b4db https://github.com/wathne/dat250-2024-assignment/commit/8ac7f7dff2b1643885e7441e9e102b27ec959110 https://github.com/wathne/dat250-2024-assignment/commit/f0c8bce8c90c7e14fe79e406cb331e536d9bba60 https://github.com/wathne/dat250-2024-assignment/commit/318594138da915aa798107e2fe36a1262238a56e
Password hashing by LisaCabot https://github.com/wathne/dat250-2024-assignment/commit/4c88b41a216f048c071edce87776349c5bd894cf https://github.com/wathne/dat250-2024-assignment/commit/4dd57e98ae0ff086eefd55653a854e739277ce3d https://github.com/wathne/dat250-2024-assignment/commit/61209ff6f5a269edcd67cee44aabd3e031ccfa79 https://github.com/wathne/dat250-2024-assignment/commit/2175a278dcde5b0a1f96775f3720bb3d838a23c0 https://github.com/wathne/dat250-2024-assignment/commit/a0d32dd0bc41482c4f79be566a5755c800b46dd1
Database user retrieval by wathne https://github.com/wathne/dat250-2024-assignment/commit/46ec51f8f4c541d52b3727d77906e66525abf71b https://github.com/wathne/dat250-2024-assignment/commit/7b9d49ab294293b3f29a25484f82f7b42d4365cd
Description: You can access another user’s account, profile, friend list, and pose as them in Stream. Potential Impact: Extract user information that the user put on their profiles or post in Stream. Pose as another User, access to their friends and Friends account and posing as them as well. Affected part of the application: User pages Type of vulnerability: Improper Authentication (https://cwe.mitre.org/data/definitions/290.html)