Grant Admin without LoggingIn

barreeeiroo · August 27, 2017, 11:32pm

I’m not sure if this should be done without logging in, but I was able to grant admin without logging in with my account:

What I’ve done was to Grant Admin to an user, logout, hit thr hab nk on the email and I verified the admin

I think that forbgranting administration it must be required to be signed in in all process, not just in the beggining, because anyone can accept that admin access

fefrei · August 28, 2017, 8:54am

How? Accepting that requires the link in the mail.
If an attacker can somehow get links in mails sent to you, he can also just reset your password and login.

Topic		Replies	Views
Require mail confirmation to grant admin privileges feature	15	4096	December 28, 2017
Granting Admin access, emails never arrive support	5	959	June 26, 2018
How to disable mail confirmation to create admins installation	1	696	February 28, 2019
Admin rights without granting? support	3	481	October 27, 2017
Invite by email without registering? support	4	660	January 25, 2021

Grant Admin without LoggingIn

Related Topics