this post was submitted on 31 Jul 2023
33 points (97.1% liked)

Lemmy.world Support

3230 readers
1 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge


You can also DM https://lemmy.world/u/lwreport or email report@lemmy.world (PGP Supported) if you need to reach our directly to the admin team.


Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world



founded 1 year ago
MODERATORS
 

Hey everyone! I just had something rather weird and concerning happen. While browsing Lemmy through the default web interface, I clicked on a post link and got the usual server error. I refreshed the page and got the same thing. Then, I refreshed a second time and while the post loaded, I was a bit perplexed as my Lemmy theme was completely different. I thought that was weird, so I decided to go Settings. That's when I realized that the username in the top right corner was not my own. Instead of "Shrinra", it showed "aeharding"! I clicked the link for Settings just to see what would happen, and thankfully, it threw me out of the session entirely. In fact, my actual session was gone and I had to log back in.

A part of me thinks I am crazy. Has anyone else experienced this? If so, it is a known security issue? It is more than a bit concerning to think that someone else may be able to access someone else's session just by navigating to a certain page.

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[โ€“] iso@lemy.lol 10 points 1 year ago (2 children)

As a note, @aeharding@lemmy.world is the developer of Voyager app.

[โ€“] Shrinra@lemmy.world 7 points 1 year ago

Yep, I am familiar. :) It's hard to not be with how popular wefwef/Voyager is.

[โ€“] Blamemeta@lemmy.world 5 points 1 year ago (2 children)

Probably has some hard coded creds for dev work, and forgot to remove them.

[โ€“] aeharding@lemmy.world 8 points 1 year ago

This is an issue with Lemmy-ui which I have nothing to do with. I probably just won the lottery of being displayed as logged in. ๐Ÿ˜›

[โ€“] kuneho@lemmy.world 1 points 1 year ago

or just a placeholder