BEWARE! logs in as other user

  • I installed the “ManageWP – Worker” plugin on website while logged in as my own username. Went to managewp.com and logged in, added the new site. Then I selected to “log in to the site dashboard” and it logged me in as a completely different user. I informed their support and received a boilerplate response (nothing worthwhile) so PLEASE USE CAUTION. EVERY SINGLE WEBSITE YOU PLACE ON THIS SERVICE CAN BE POTENTIALLY COMPROMISED BY THIS SECURITY FLAW

    PLEASE BE CAREFUL USING THIS SERVICE I WAS LOGGED IN AS A DIFFERENT USER WITH ADMINISTRATOR PRIVILEGES!!!!!!!!!!!!

Viewing 1 replies (of 1 total)

  • Hi,

    I’ve checked the reply that you were talking about and you are right, it is not the proudest moment of ours but, later my other colleague explained exactly how the system works, so I will repeat it here too.

    How the system works is that when you first install and activate Worker plugin, during the process of adding the website, our system will take the first admin user on the list. The reason for that is that you did not give us credentials at any point. Upon successful adding, you can change the user from your admin menu.

    On the other hand, when you let our system install and activate Worker, you are asked for the credentials and that user is taken (the one that you gave credentials for). Also, same as before, you can later change it on your admin menu of thew website in question.

    Your websites could not be compromised at any given point. Once added to your dashboard, the website could not be added to any other dash.

    Also, I want you to know that you could get back to us at any given point if you have any more questions or concerns.

    Cheers!

Viewing 1 replies (of 1 total)
  • The topic ‘BEWARE! logs in as other user’ is closed to new replies.