View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000154 | Main CAcert Website | source code | public | 2006-03-05 20:20 | 2013-01-14 01:15 |
| Reporter | Assigned To | ||||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2006 | ||||
| Summary | 0000154: Privacy concern | ||||
| Description | Under which condition is the tverify bit set for a cacert user account? I found that it is the case for quite a lot of users - probably more than really needed. The problem is, that any of these users can download thawte verification IDs (such as images of passports, drivers licences, etc) from the cacert database by changing the value of photoid in https://www.cacert.org/account.php?id=51&photoid=4&img=show As it might be helpful to have some people to assist with the verification, there is no need to give them permanent access to these files. I recommend to review the accounts having tverify set and to block access to already verified userphotos. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-03-05 20:20 |
|
New Issue | |
| 2006-03-05 21:45 | duane | Status | new => closed |
| 2006-03-05 21:45 | duane | Note Added: 0000100 | |
| 2006-03-05 21:45 | duane | Resolution | open => fixed |
| 2006-03-05 21:45 | duane | Fixed in Version | => production |
| 2010-07-27 15:56 | Sourcerer | Reporter | bluec => user678 |
| 2010-07-27 15:56 | Sourcerer | View Status | private => public |
| 2013-01-14 01:15 | Werner Dworak | Fixed in Version | => 2006 |
