
Bug in OAUTH of ASP.NET 4 Membership


I just noticed that when using the standard new site template in ASP.NET 4 and enabling OAuth, you can hijack or overwrite other accounts.

Say you create an account for mike@mike.com.

Then you log in via Google with tom@tom.com and ASP.NET asks you to enter an e-mail address to link with your local account.

Now you enter mike@mike.com with a new password.

And voila, Mike can't log in anymore, since Tom signed up. Not sure if Tom is hijacking Mike's account or just deleting it, but this definitely isn't a feature to be too proud of.


Can you reproduce this?
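The account-linking flaw reported above, as an added example that is not part of the original post and not the template's code: a constructed in-memory model contrasting a link step that trusts the typed e-mail with one that refuses to claim an existing local account without proof of control. `AccountStore`, `LinkUnsafe` and `LinkSafe` are hypothetical names, and the overwrite behaviour is an assumption (the post leaves open whether the account is overwritten or deleted).

```csharp
using System;
using System.Collections.Generic;
// Constructed in-memory model. AccountStore and its members are hypothetical
// names, not the ASP.NET template's or any membership provider's API.
class AccountStore
{
    // local e-mail -> password (plain text only to keep the model short)
    readonly Dictionary<string, string> local = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    // "provider|providerUserId" -> linked local e-mail
    readonly Dictionary<string, string> links = new Dictionary<string, string>();
    public void Register(string email, string password) { local.Add(email, password); }
    public bool Login(string email, string password)
    {
        string stored;
        return local.TryGetValue(email, out stored) && stored == password;
    }
    // Unsafe (assumed behaviour): trusts the e-mail typed on the confirmation
    // form and upserts, so an existing account's credentials are replaced.
    public void LinkUnsafe(string provider, string providerUserId, string typedEmail, string newPassword)
    {
        local[typedEmail] = newPassword;
        links[provider + "|" + providerUserId] = typedEmail;
    }
    // Safer: typing an e-mail never claims an existing local account. Linking to
    // one requires proof of control (here, that account's current password).
    public bool LinkSafe(string provider, string providerUserId, string typedEmail, string newPassword, string currentPassword)
    {
        bool exists = local.ContainsKey(typedEmail);
        if (exists && !Login(typedEmail, currentPassword)) return false;
        if (!exists) local.Add(typedEmail, newPassword);
        links[provider + "|" + providerUserId] = typedEmail;
        return true;
    }
}
class Demo
{
    static void Main()
    {
        var a = new AccountStore();
        a.Register("mike@mike.com", "mikes-password");
        a.LinkUnsafe("google", "tom-id", "mike@mike.com", "toms-password");
        Console.WriteLine("unsafe: mike can log in = " + a.Login("mike@mike.com", "mikes-password"));
        var b = new AccountStore();
        b.Register("mike@mike.com", "mikes-password");
        bool linked = b.LinkSafe("google", "tom-id", "mike@mike.com", "toms-password", null);
        Console.WriteLine("safe: link accepted = " + linked + ", mike can log in = " + b.Login("mike@mike.com", "mikes-password"));
    }
}
```

In a real site the proof of control could also be a confirmation link sent to the existing address; the point is that the form input alone must not decide which local account the external identity is bound to.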

