- Affected App
- WoltLab Suite Core
I received some mails from our members, reporting that randomly they were able to connect to our forums on another member's account simply by clicking a link in our forums or a link from an automatic e-mail (notification mail).
Those links, apart from the normal path, also include the session ID from the members' accounts, and by clicking on those links you are able to auto-connect to another user's account.
An example is the picture below, from a notification mail a member sent us.
The language string from this mail notification (wbb.post.notification.mail) is...
Code
Ο/Η "{@$author->username}" απάντησε στο θέμα "{@$userNotificationObject->getThread()->topic}" του φόρουμ "{@$userNotificationObject->getThread()->getBoard()->title|language}":
{link controller='Thread' object=$userNotificationObject->getThread() application='wbb' encode=false forceFrontend=true}postID={@$userNotificationObject->postID}{/link}#post{@$userNotificationObject->postID}
This is a critical security bug and I really don't know how to stop it.
Imagine what will happen if an Administrator's session ID is leaked this way.
Thanks in advance for your help.
Dimitris.
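The failure mode described in the post is a session identifier being carried in the query string of links that end up in notification mails, so anyone who receives or forwards the mail can resume that session. A defensive check for this, written here as an added example that is neither WoltLab's code nor the poster's, is to scan outgoing mail bodies for links that carry a session parameter and strip that parameter before the mail is sent. The parameter names `s` and `sessionID`, the sample URL and the sample mail body are all constructed assumptions; the real parameter name used by the forum software is not stated in the post and must be adapted to the actual deployment.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: query parameters that carry a session identifier. These are
# placeholders, not names confirmed by the post; adapt to the real software.
SESSION_PARAMS = {"s", "sessionid"}

# Constructed sample: a thread link with a session ID in the query string,
# shaped like the link a notification mail might contain.
SAMPLE_URL = ("https://forum.example/wbb/index.php"
              "?page=Thread&postID=345&s=CONSTRUCTED_SESSION_ID#post345")

# Constructed sample notification mail body (not a real mail).
SAMPLE_MAIL = (
    "Alice replied to the thread \"Welcome\" in the board \"General\":\n"
    + SAMPLE_URL + "\n"
    "-- \nThis is an automatic notification."
)

# Matches an absolute http(s) URL up to whitespace or a quoting character.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def has_session_param(url):
    """True if any query parameter of the URL names a session identifier."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return any(key.lower() in SESSION_PARAMS for key, _ in query)


def strip_session_params(url):
    """Return the URL with every session-identifier parameter removed.

    Path and fragment (e.g. #post345) are preserved so the link still
    resolves to the same post; the recipient simply has to be logged in.
    """
    parts = urlsplit(url)
    kept = [(key, value)
            for key, value in parse_qsl(parts.query, keep_blank_values=True)
            if key.lower() not in SESSION_PARAMS]
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(kept), parts.fragment))


def find_leaking_links(text):
    """Detection: list every URL in a mail body that carries a session ID."""
    return [m.group(0) for m in URL_RE.finditer(text)
            if has_session_param(m.group(0))]


def sanitize_mail_body(text):
    """Mitigation: rewrite every URL in a mail body without its session ID."""
    return URL_RE.sub(lambda m: strip_session_params(m.group(0)), text)


if __name__ == "__main__":
    leaks = find_leaking_links(SAMPLE_MAIL)
    print("links carrying a session ID:", leaks)
    cleaned = sanitize_mail_body(SAMPLE_MAIL)
    print("after sanitizing:", find_leaking_links(cleaned))
    print(cleaned)
```

Running `find_leaking_links` over generated mail bodies before they are queued (or over a mail log afterwards) gives a quick audit of whether the template fix took effect; `sanitize_mail_body` is the belt-and-braces step for the outgoing path, but the underlying fix is still to generate links for mails without any session parameter in the first place.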