Reply
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply

Critical Security issue in Messaging Service

Oct 7, 2015 04:58:28 AM by Md. Shihab U

Highlighted
isheehab
Active Member
Md. Shihab U Member Since: Oct 7, 2015
1 of 12

Oct 7, 2015 04:58:28 AM by Md. Shihab U

Please check the link below , I have recorded the screen and uploaded the video in youtube

 

https://www.youtube.com/watch?v=EoKtyfWgnPA

Reply
jsutherland
Community Guru
Jean S Member Since: Oct 22, 2007
2 of 12

Oct 7, 2015 05:12:31 AM by Jean S

Is it that the message system is not connected to Upwork but is run by a different server or management system?

0 Kudos
Reply
isheehab
Active Member
Md. Shihab U Member Since: Oct 7, 2015
3 of 12

Oct 7, 2015 05:20:57 AM by Md. Shihab U

I dont think so, When we log out the current session and cookies get deleted so that user can't view anything without logging again, but when we are logged out from the site we still can send message and read new message from clients untill we reload the messaging page, I think before sending a message or recieving a message the system should check if the user is logged in or not.

Reply
lysis10
Community Guru
Jennifer M Member Since: May 17, 2015
4 of 12

Oct 7, 2015 05:20:18 AM by Jennifer M

Does the message actually send though? You see it in the window as sent, but that doesnt mean it was actually sent. 

0 Kudos
Reply
isheehab
Active Member
Md. Shihab U Member Since: Oct 7, 2015
5 of 12

Oct 7, 2015 05:22:08 AM by Md. Shihab U

Didnt you notice I logged in again to check if the message was sent ot not, and the message was sent I checked by relogging in.

Reply
lysis10
Community Guru
Jennifer M Member Since: May 17, 2015
6 of 12

Oct 7, 2015 05:27:09 AM by Jennifer M

You see it but is it actually sent? The customer can confirm that.

 

I've suspected that part of the messaging system issue is the sessions, so people type a message and it never goes through because they're logged out. This would follow along with my theory, but I'm just guessing.

 

.

0 Kudos
Reply
isheehab
Active Member
Md. Shihab U Member Since: Oct 7, 2015
7 of 12

Oct 7, 2015 05:31:56 AM by Md. Shihab U

I am confirming you the message was sent. i have checked it by re-loggin in afterdeleting Browser cache. yesterday My client also replied to my message,

Reply
isheehab
Active Member
Md. Shihab U Member Since: Oct 7, 2015
8 of 12

Oct 7, 2015 05:47:33 AM by Md. Shihab U

 
Reply
isheehab
Active Member
Md. Shihab U Member Since: Oct 7, 2015
9 of 12

Oct 7, 2015 05:48:44 AM by Md. Shihab U

I have checked from my phones messaging app. And the message was there too.
Reply
claudiacezy
Community Guru
Claudia Z Member Since: Jul 28, 2015
10 of 12

Oct 7, 2015 07:36:55 AM Edited Oct 7, 2015 07:45:25 AM by Claudia Z

At 3:20 it prompts to remember the password. Maybe its something to do with how the browser saves cookies/password...

 

 

I could replicate the exact behaviour on facebook. Dont have someone to check this on upworkSmiley Happy

Reply
TOP KUDOED MEMBERS
View All

COMPANY

RESOURCES

BROWSE