Security Patch: Account Activation with Unverified Email
16 views
Skip to first unread message
Adam Palay
Jul 20, 2016, 4:03:12 PM7/20/16
to openedx-...@googlegroups.com, edx-...@googlegroups.com, opene...@googlegroups.com
During an automated security audit of the edX platform code, we discovered a bug in the email verification and account activation process. This bug allows a malicious user to activate an account with an unverified (invalid or someone else’s) email address.
Read the full security announcement here: https://open.edx.org/announcements/security-alert-account-activation-unverified-email
Read the full security announcement here: https://open.edx.org/announcements/security-alert-account-activation-unverified-email
Thanks,
Adam
Reply all
Reply to author
Forward
0 new messages