Security issue: Regular user (NOT employee) has full access to admin prefs
I am not an employee of TweetDeck - but while browsing their GS product page I noticed the blue "Edit this product" button in the right-hand column. I clicked to see if I could actually edit TweetDeck's product information. I could. I tested it with an otherwise unnoticeable change - a small typo, so as not to interfere with their community operations. Unfortunately, the change stuck, meaning I could edit potentially any of the information on their GS page. This seems like a pretty big security risk to me, especially since I do admin a different page - which I suspect might be related.
I'm happy to give more details if necessary. Feel free to email me, I've shared my email address for this submission.
Walker Adamson
RealNetworks, Inc.
The company thinks this is not a problem.
Hi, Walker. I responded in another topic you added, but wanted to just close the loop here. We let the community add and edit products if there are no company employees to do so. Once an employee shows up, we lock it down so they have control over the product details.
The company and 1 other person say
this solves the problem
Wow, I feel silly now... better safe than sorry I guess? Thanks for your reply, Eric. Good to know...
I’m relieved, sheepish