View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006698 | OXID eShop (all versions) | 4.04. Security | public | 2017-09-25 09:28 | 2019-10-29 11:24 |
| Reporter | cesnauskast | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Target Version | 6.1.5 | Fixed in Version | 6.0.6 | ||
| Summary | 0006698: It's possible to search for e-mail addresses via gift registry search | ||||
| Description | It's possible to find out e-mail addresses from gift registry search panel | ||||
| Steps To Reproduce | Pre-conditions: 1. There exist a registered user (i.e. [email protected]) with at least 1 item added to gift registry 2. Under My account->My gift registry an option "Everyone shall be able to search and display my gift registry" is set to "Yes" 1. Open shop (i.e. demoshop) 2. Go to "Public gift registries" (at the bottom of the page, under "Services") 3. Enter part of the possible e-mail address (i.e. @gmail.com or just "@") In the search results you will see something like "Gift registry of John Doe" By knowing this information you can guess the username of the email (i.e. [email protected], [email protected], [email protected], etc.) | ||||
| Tags | Data Privacy, Email, Gift Registry | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||
