Hey everyone! I just had something rather weird and concerning happen. While browsing Lemmy through the default web interface, I clicked on a post link and got the usual server error. I refreshed the page and got the same thing. Then, I refreshed a second time and while the post loaded, I was a bit perplexed as my Lemmy theme was completely different. I thought that was weird, so I decided to go to Settings. That’s when I realized that the username in the top right corner was not my own. Instead of “Shrinra”, it showed “aeharding”! I clicked the link for Settings just to see what would happen, and thankfully, it threw me out of the session entirely. In fact, my actual session was gone and I had to log back in.
A part of me thinks I am crazy. Has anyone else experienced this? If so, is it a known security issue? It is more than a bit concerning to think that someone else may be able to access someone else’s session just by navigating to a certain page.
Thanks!
As a note, @aeharding@lemmy.world is the developer of the Voyager app.
Yep, I am familiar. :) It’s hard to not be with how popular wefwef/Voyager is.
Probably has some hard-coded creds for dev work, and forgot to remove them.
This is an issue with Lemmy-ui which I have nothing to do with. I probably just won the lottery of being displayed as logged in. 😛
or just a placeholder