David Schorow

My feedback

  1. 18 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Wishlist » Events  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    David Schorow commented  · 

    THIS IS A SECURITY VULNERABILITY!!!! There should not be an auto-login capability embedded in an email.

    I became aware of this issue when an event registration email was forwarded to me, asking if I am attending. There was no warning at the top or in the footer of the message. But this forwarded message gave me the ability to login as the sender and do anything on the Wild Apricot system as him. I could even close my WA pages, get back into them and still be logged in as this other user. This is a severe security vulnerability.

    David Schorow supported this idea  · 

Feedback and Knowledge Base