[Mediawiki-l] made an administrator who hasn't yet established an account
jidanni at jidanni.org
jidanni at jidanni.org
Tue Aug 3 00:18:50 UTC 2010
Say, I noticed on Wikia one can make a user an administrator, even if he
has never logged in yet.
This exposes a security risk. A bureaucrat pre-makes some accounts for
future administrators, but before they establish accounts, somebody else
establishes an account with that name, and becomes an instant
administrator.
I'm wondering if the is a MediaWiki-wide bug, or just Wikia's.
More information about the MediaWiki-l
mailing list