  • Add flag to prevent nin verification in frontend · a6dd5745
    Andreas Ellewsen authored and Jonas Braathen committed
    If a sponsor verifies a nin that is already in use by an account in
    cerebrum, the guest will gain access to that account, which in turn
    allows the guest to change the password of that account. This makes it
    possible to abuse the guest service to steal the account of users.
    
    A feature that checks for this problem, and helps the sponsor make a
    decision on it, will be introduced in the near future. At that point
    nin verification can be enabled again.
    
    Resolves: GREG-202