MIT Error?!

[Tom McCurdy]

I was working on filling out my college application for MIT when I had timed out... so I went back to the site and hit undergrad admissions... and volla without typing in a username or password I was in the editing area for a student in california I have never met. How is it possible that I was able to not only view some random person applicaton but I also had editing capabilities (although I did not touch his application in anyway). It really surprised me to find MIT to have such an error-- it also made me worried for security purposes about my application.

[Math Is Hard]

uh oh. Sounds like a session variable mixup. I am surprised that happened on MIT's site.

[Tom McCurdy]

lol

if this happened to me what do you think the odds are of other problems similiar in nature

[Anttech]

Thats bad :) especially for an IT depts site... Sounds like that server needs some love and care!...

I wonder how that could happen... Unless you were bothing coming in from the same IP address (behind some NAT device) and either someone was MITM attacking and messed up or the NAT device, Port allocation table was messed around with/mess up....

Strange how you could get a Someone elses session

Did you report that to the server admin?