I’m frightened

Posing and commenting as someone else - security problem

One meeting participant was able to log onto the system as me (the meeting inviter) just by clicking his invite link on his email. He managed to do this twice yesterday and write comments as me... I would say this is pretty serious problem...
2 people have
this problem
+1
Reply
  • I’m frustrated
    hmmm. Would there be an answer to this security issue. It is now 10 days since I reported this.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited sad, anxious, confused, frustrated

  • Oh we are terribly sorry for the long delay. There seems to be something wrong with Get Satisfaction mail notifications as none of our employees have received any information about anything that has happened in here!

    We agree that this is a pretty serious problem and this should never happen just by sending an invite to someone. We have rerun the tests regarding this feature and have found no unexpected behavior.

    Could it be possible that the person could somehow have access to emails which arrive at your inbox or that you would have forwarded this person some of the emails (or parts of emails) which you have received from Meetin.gs?

    These are situations where other user might gain access to your account as the emails contain a link which allows logging in to the service as the email recipient.

    If none of this applies, I would ask you to send the invite email in question as a forwarded message directly to me so that I can try to pinpoint what causes this.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited sad, anxious, confused, frustrated

  • To fix this issue we have placed some changes on our roadmap. We will soon implement an automatic email PIN verification for untrusted devices. This would make it impossible for other people to gain access to the users meetings even if an email containing an authentication key is sent to other parties.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited sad, anxious, confused, frustrated