Pre-Account takeover on Qwenchat online platform #1353

Open
2 tasks done
Madan301 opened this issue Feb 5, 2025 · 0 comments

Madan301 commented Feb 5, 2025

Is there an existing issue / discussion for this?

  • I have searched the existing issues / discussions

Is there an existing answer for this in FAQ?

  • I have searched FAQ

Current Behavior

An attacker, using only the victim's email ID, can sign up on behalf of the victim without any verification. Once the victim logs in, the attacker can access their chat data, files, and activity.

Expected Behavior

Link the email ID and the authid that you are generating after the Google OAuth code grant flow.

Steps To Reproduce

Refer - [https://gofile.io/d/9mx2iL]

Environment

- OS:
- Python:
- Transformers:
- PyTorch:
- CUDA (`python -c 'import torch; print(torch.version.cuda)'`):

Anything else?

No response

Madan301 changed the title from "[BUG] <title> Pre-Account takeover on Qwenchat online platform" to "Pre-Account takeover on Qwenchat online platform" on Feb 8, 2025
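
The account-linking rule requested under Expected Behavior, sketched as an added example that is not part of the original issue and is not the project's code: an OAuth login is bound to the provider's subject identifier and never merges into an account that was created with an unverified email. `Account`, `AccountStore` and both method names are hypothetical, and the in-memory dict stands in for a real user table.

```python
# Added illustration with hypothetical names; not the platform's implementation.
from dataclasses import dataclass, field
from typing import Optional
import secrets

@dataclass
class Account:
    email: str
    email_verified: bool = False
    password_hash: Optional[str] = None
    oauth_sub: Optional[str] = None          # provider's stable subject id
    sessions: set = field(default_factory=set)

class AccountStore:
    """In-memory stand-in for a user table (constructed for this example)."""

    def __init__(self):
        self.by_email = {}

    def signup_with_password(self, email, password_hash):
        # Password signup: unverified until the owner proves control of the mailbox.
        email = email.strip().lower()
        if email in self.by_email:
            raise ValueError("email already registered")
        acct = Account(email=email, password_hash=password_hash)
        acct.sessions.add(secrets.token_hex(16))
        self.by_email[email] = acct
        return acct

    def login_with_oauth(self, email, sub, provider_email_verified):
        # Call only after the code grant flow finished and the ID token was validated.
        email = email.strip().lower()
        if not provider_email_verified:
            raise PermissionError("provider did not verify this email")
        acct = self.by_email.get(email)
        if acct is not None and acct.oauth_sub == sub:
            return acct                       # returning user, same identity
        if acct is not None and acct.oauth_sub is not None:
            raise PermissionError("email is bound to a different identity")
        if acct is not None and acct.email_verified:
            raise PermissionError("log in with the password, then link explicitly")
        # No account, or an unverified one whose creator never proved ownership:
        # start clean so no earlier password, session or data carries over.
        fresh = Account(email=email, email_verified=True, oauth_sub=sub)
        self.by_email[email] = fresh
        return fresh
```
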