1. Is it that strange that you found it in multiple projects?
    It's listed in the top 25: http://cwe.mitre.org/top25/

    SANS compares it with http://cwe.mitre.org/data/definitions/285.html:
    Suppose you’re hosting a house party for a few close friends and their guests. You invite everyone into your living room, but while you’re catching up with one of your friends, one of the guests raids your fridge, peeks into your medicine cabinet, and ponders what you’ve hidden in the nightstand next to your bed.

    Rolf Huisman

2. The vulnerability isn't new, but the responses from most developers are what scared me the most. Most developers choose the easy way to fix this.

    Most of the time this will be due to insufficient funds/time and a lack of security awareness. Fixing this afterwards is expensive, so it is sometimes left out. Also, deadlines force developers to skip this, and project management should make time afterwards to repair this.

    Erik Oppedijk

3. It gets even worse: by moving the information to a hidden field, a cookie or whatnot, you create new problems that require an even more complex solution. And that while the real solution to the problem is pretty simple to implement using some roles and a few settings 😉


4. And it is certainly not a theoretical problem. Have you read this? http://www.nu.nl/internet/1944739/site-geschillencommissie-was-jarenlang-lek.html

