Currently, all event announcement emails are sent out with an auto-login feature to enable club members to register for an event without the need to manually log in to their WA site. This is a serious security flaw. If an adversary gets their hands on a user’s mailbox (this happens frequently) then they can log in to WA and impersonate the user. If this user is an administrator of the given WA site then the attacker can literally destroy all data, modify them or steal identity information not only of a single user but ALL members and contacts. The adversary may also steal PayPal tokens and POS information. The current time constraint on such links is insufficient because reminder emails also contain auto-login links and they are sent out in intervals that give an attacker a large window for compromise.
Auto-login should be optional. Organisations that want to use this feature need to be made aware of the risks.
In particular, I would like to request to make auto-login links in emails to users with administrator privileges optional because of the greater impact of a compromise of such an account and because these users typically log in regularly anyway and have accepted the need for authentication for all their other actions on WA.
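One way a platform could implement the controls requested above (auto-login opt-in per organisation, never for administrators) together with short-lived, single-use tokens scoped to a single event registration rather than a full session, as an added Python illustration that is neither the author's code nor the WA platform's implementation; the signing key, role names and `|`-separated token format are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumed server-side signing key (placeholder; a real deployment loads it from a secret store).
SIGNING_KEY = b"placeholder-signing-key"
LINK_TTL_SECONDS = 15 * 60          # short, fixed lifetime per link, not reset by reminders
_redeemed_nonces = set()            # single-use bookkeeping (in-memory for this example)


def should_embed_autologin(org_opted_in, recipient_roles):
    """Auto-login links are opt-in per organisation and never sent to administrators."""
    return bool(org_opted_in) and "administrator" not in recipient_roles


def issue_registration_token(user_id, event_id, now=None):
    """Mint a short-lived, single-use token scoped to registering one user for one event."""
    now = time.time() if now is None else now
    expires = int(now) + LINK_TTL_SECONDS
    nonce = secrets.token_urlsafe(12)   # fresh per email, so every reminder carries its own token
    payload = "|".join([user_id, event_id, str(expires), nonce])
    sig = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
    return payload + "|" + base64.urlsafe_b64encode(sig).decode()


def redeem_registration_token(token, now=None):
    """Return (user_id, event_id) if the token is genuine, unexpired and unused, else None."""
    now = time.time() if now is None else now
    try:
        user_id, event_id, expires, nonce, sig_b64 = token.split("|")
        payload = "|".join([user_id, event_id, expires, nonce])
        expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.urlsafe_b64decode(sig_b64)):
            return None                 # tampered (e.g. user id swapped) or forged
        if now > int(expires) or nonce in _redeemed_nonces:
            return None                 # expired, or already used once
    except (ValueError, TypeError):
        return None                     # malformed token
    _redeemed_nonces.add(nonce)         # burn it so a leaked mailbox cannot replay it
    return user_id, event_id
```

The redeemed scope is only ever (user, event): the caller lets that user register for that one event and nothing else, so a captured link never yields an administrative session.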