Add flag to prevent nin verification in frontend

Andreas Ellewsen requested to merge GREG-202-prevent-verify-fnr-flag into master

If a sponsor verifies a nin that is already in use by an account in cerebrum, the guest will gain access to that account, which in turn allows the guest to change the password of that account. This makes it possible to abuse the guest service to steal the account of users.

A feature that checks for this problem, and helps the sponsor make a decision on it, will be introduced in the near future. At that point nin verification can be enabled again.

Resolves: GREG-202
