Feeds

back to article Rugby World Cup reporters swap identities in login glitch

The Rugby World Cup has hit a security snag just over a week before the eagerly awaited tournament kicks off in New Zealand. Media partners logging into the dedicated media centre system were confronted with the profiles of other journalists instead. Sysadmins are trying to get to the bottom of the problem, in the meantime they …

COMMENTS

This topic is closed for new posts.
FAIL

Caching

Clearly the sysadmins know that. Are the developers aware of session management?

2
0
Pirate

seriously??

reload page until your details come up???

In the meantime pretend you didnt see all the other peoples data. and dont copy and paste it.

tell them to stop using WHERE 1 LIMIT RAND(),1 in their mysql query !! LOL

0
0
Thumb Up

Excellent

Rugger buggers' buggy buggerup - you guys really know how to knock ´em out!

Good stuff

0
0
Joke

Really from RWC 2011 Media Centre?

or is it from e.g. an El Reg commentard who just happened to get that profile up when logging in?

0
0
FAIL

Sounds familiar

I've had that at a company where I had worked for a week for evaluation purposes.

They had a shop-in-shop system and some shop administrators would get logged in into the wrong shop backend. Turned out the login function just compares user and password hash, not the actual shop id. So the first match was used, which was not always the correct one. Especially with the shops the company administrated since those all had the same user/pass.

They never offered me a job so it hasn't been fixed and there is no one at the company even capable of understanding the problem, never mind fixing it. I left a note for a hot-fix (never ever use the same username for two shops) but I doubt anyone there can even understand that.

1
0

Let's all Thread safely people

Someone's session manager isn't thread safe!

0
0
This topic is closed for new posts.