Unauthorised users

Post by ytoefy » Thu Feb 15, 2007 1:30 am


I do not know whether this problem has been addressed in the past, but here goes:

Cleaning my user lists, I found unknown users registered as section editors, editors, even as a journal manager. I tried to simulate this by registering as a new user, but I could not get beyond reviewer status. We recently moved servers and we upgraded to the latest version of OJS. Can someone help me to plug this security issue?

Thank you


Post by asmecher » Thu Feb 15, 2007 10:56 am

Hi Yoesrie,

We haven't heard of this kind of flaw; the closest I can think of is a flaw in OJS 2.0.0 through 2.0.2-1 that affected administrator validation, but I don't think there are any exploits in the wild. It's much more likely that these roles came via your upgrade path -- did you migrate from OJS 1.x? -- or things like accidental enrollments, role merges, or maybe a simple account breach through a guessed password.

It's difficult for me to ascertain what happened from here beyond auditing the code; if you're able to find out any more information, please let me know.

Alec Smecher
Open Journal Systems Team