View Issue Details

IDProjectCategoryView StatusLast Update
0000154Main CAcert Websitesource codepublic2013-01-14 01:15
Reporteruser678Assigned To 
Status closedResolutionfixed 
Fixed in Version2006 
Summary0000154: Privacy concern
DescriptionUnder which condition is the tverify bit set for a cacert user account? I found that it is the case for quite a lot of users - probably more than really needed.

The problem is, that any of these users can download thawte verification IDs (such as images of passports, drivers licences, etc) from the cacert database by changing the value of photoid in

As it might be helpful to have some people to assist with the verification, there is no need to give them permanent access to these files.

I recommend to review the accounts having tverify set and to block access to already verified userphotos.
TagsNo tags attached.
Reviewed by
Test Instructions



2006-03-05 21:45

developer   ~0000100


Issue History

Date Modified Username Field Change
2006-03-05 20:20 bluec New Issue
2006-03-05 21:45 duane Status new => closed
2006-03-05 21:45 duane Note Added: 0000100
2006-03-05 21:45 duane Resolution open => fixed
2006-03-05 21:45 duane Fixed in Version => production
2010-07-27 15:56 Sourcerer Reporter bluec => user678
2010-07-27 15:56 Sourcerer View Status private => public
2013-01-14 01:15 Werner Dworak Fixed in Version => 2006