By Untitled
04 Aug 2021 11:31
Category: Bug Report
While browsing the 3D photo gallery on 3dspaint on my 3ds, I saw a picture I was interested in viewing. This much is normal. I clicked on the photo, viewed it, rated it, and clicked the home button when something strange caught my eye as I left the page. Where it says "Welcome Untitled" (for me) next to the Logout button, I saw it saying welcome to a different username.
Of course, this was strange, so I instantly went back to the page to make sure I wasn't going crazy. I wasn't. A different username took my spot. Upon further investigation of various 3d photos, my fidings were this:
When you view a 3d photo from someone's gallery, the site temporarily gives you the owner's username, avatar, background, and theme (light or dark).
Essentially, when you view a 3d photo from the gallery, you steal the owner's identity.
This shouldn't be a security issue, since it seems that when you leave, you revert back to your normal self, but I am not educated enough in website security to make that call, so please look into this quickly if you think it may be a matter of member security threat. I don't expect that people with malicious intent would check the 3d photo gallery though for bugs.... (After all, who uses the 3d photo gallery these days...?)
It's going to just be a display issue, but it does need to be resolved. Generally, pages will include details for 2 users: The currently logged in one and the one who owns the content of that page. The code is most likely just pulling the wrong one in the display.
History
@UwUQueen marked this request as resolved.
01 Aug 2024 01:07
By 
By