My feedback

1 result found

1. Ability to customize security aspects of {Registration_buttons} macro (warning message, auto-login behavior) in event announcements emails

   32 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   8 comments  ·  Wishlist » Events  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Submit Rating
   An error occurred while saving the comment
   David Schorow commented  ·  Aug 23, 2019  ·  Edit…  ·  Delete…

   THIS IS A SECURITY VULNERABILITY!!!! There should not be an auto-login capability embedded in an email.

   I became aware of this issue when an event registration email was forwarded to me, asking if I am attending. There was no warning at the top or in the footer of the message. But this forwarded message gave me the ability to login as the sender and do anything on the Wild Apricot system as him. I could even close my WA pages, get back into them and still be logged in as this other user. This is a severe security vulnerability.

   Save Submitting...
   David Schorow supported this idea  ·  Aug 23, 2019