Hacker News new | past | comments | ask | show | jobs | submit login

there was a comment in one of the reddit threads that someone was able to create a vlan on someone else's network



It's hard to be certain while we're just speculation, but a view caching bug could make it _look_ like you're making changes to the other user's console even if they're actually going to your own console.


It could also be caching something that contains a token that can perform other actions. The disparate reports of different pages and being able to navigate make it sound like this is at some API level, not literally caching the console page view.


This is my line of thinking. It's bonkers if that's the case - sign of a completely broken mindset towards auth.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: