Security flaw in regards to BuddyPress member username/display name?
-
Using the Display Name, in BuddyPress Profile Fields, does not save the information to the WordPress User Edit section.
When I’m using BuddyPress and I edit a member profile name, it does not save and display the new name. It only displays the name that the user (or I) logs in with. No matter how many times I edit the profile name in the BuddyPress profile settings, it will not save.
However, when I edit the User via the WordPress Edit User, I can save the name correctly so that it doesn’t display the login name. But, if I go back and edit the BuddyPress Profile settings to change the name again, it reverts back to the login name and will not save or maintain the previous changes.
This is not secure/safe as everyone can see the login name and only have to guess the password to login to other peoples accounts.
Is BuddyPress, by default, not supposed to show a “Nickname” rather only show the login name? I’ve been trying to figure this out for hours and my brain is finally fried, so I figured to post this here.
-
Yes, that’s it Chris. I may have jumped ahead and called it a security flaw incorrectly. What I meant was that, if this bug was actually working as intended, it didn’t allow members to change their display name, which could cause people to think that it was a security issue. That people wouldn’t join if their login was visible. Since the WordPress allows a Nickname to be visible and that BuddyPress didn’t, that some could see it as a flaw.
Since it it being fixed, it showed me that it wasn’t intended and that someone else knew of this and was working to fix it.
Thanks for the response
- The topic ‘Security flaw in regards to BuddyPress member username/display name?’ is closed to new replies.
