Unauthorised users


Postby ytoefy » Thu Feb 15, 2007 1:30 am

Hi

I do not know whether this problem has been addressed in the past, but here goes:

Cleaning my user lists, I found unknown users registered as section editors, editors, even as a journal manager. I tried to simulate this by registering as a new user, but I could not get beyond reviewer status. We recently moved servers and we upgraded to the latest version of OJS. Can someone help me to plug this security issue?

Thank you

Yoesrie
ytoefy
 
Posts: 4
Joined: Mon May 30, 2005 1:07 pm
Location: Cape Town, South Africa

Postby asmecher » Thu Feb 15, 2007 10:56 am

Hi Yoesrie,

We haven't heard of this kind of flaw; the closest I can think of is a flaw in OJS 2.0.0 through 2.0.2-1 that affected administrator validation, but I don't think there are any exploits in the wild. It's much more likely that these roles came via your upgrade path -- did you migrate from OJS 1.x? -- or things like accidental enrollments, role merges, or maybe a simple account breach through a guessed password.

It's difficult for me to ascertain what happened from here beyond auditing the code; if you're able to find out any more information, please let me know.

Regards,
Alec Smecher
Open Journal Systems Team
---
Don't miss the First International PKP Scholarly Publishing Conference
July 11 - 13, 2007, Vancouver, BC, Canada
http://ocs.sfu.ca/pkp2007/
asmecher
 
Posts: 9212
Joined: Wed Aug 10, 2005 12:56 pm

