Skip to main content
  1. Home
  2. Support
  3. Questions

Is this a security problem? Change of details only needs email address

Ethan Clarke By 
February 08, 2013

So I'm setting up a signin form and I've noticed that if the user puts in an email address that is already in the database with conflicting name, address, phone, etc the database is updated with this new information. This even impacts users who have setup a password but no password is ever asked confirm authorization to go ahead with the changes.

More puzzling is that the changes don't appear in the activity stream of the page so the administrator wouldn't see that it's happening.

So all I would need to do mischief on the database is a bunch of email addresses which, in the case of this site (and probably lots of other), are publicly available.

Am I doing something wrong here or is this a known issue?

Notplanned

Official response from

We are aware of this and are taking concerns into consideration, but do not currently have plans to change this behavior.

At this time, if you are concerned about forms changing personal information, you can make forms only available to members, requiring someone to log in before submitting any form. You can also customize public forms to remove fields with information you do not wish to update in your nation without authorization and leave changes to a member-only page.

Suggestion - Website
Share this post

Showing 10 reactions

How would you tag this suggestion?

Sign in with

Please check your e-mail for a link to activate your account.
  • Bill Browne
    commented
    Helpful suggestion, not helpful response. To not even have changes flagged for admins/on the user dash makes it difficult to notice, correct and troubleshoot these frequent problems.
    posted 2019-05-06 19:54:33 -0700
  • Bill Browne
    tagged this with Helpful
    posted 2019-05-06 19:54:32 -0700
  • Dana Nguyen
    responded with not planned
    posted 2019-04-30 14:37:01 -0700
  • Dana Nguyen
    responded with considering
    posted 2017-03-06 17:51:16 -0800
  • Michael Eisenriegler
    commented
    Jason, this has NOT been fixed. This is one really serious bug and it has even more implications than people here describe, but I’m not reporting them in public. Please ask Flore Blondel-Goupil for details. I am amazed that Nationbuilder ignores such an important security issue for four years or more.
    posted 2017-03-03 02:30:33 -0800
  • Jason Meer
    NationBuilder employee
    responded with completed
    posted 2016-06-22 09:05:02 -0700
  • Natalie Cauldwell
    Certified Developer
    Certified NationBuilder Developer
    commented
    I just came across this issue when trying to setup a signup form for organizations. If a person already in our nation uses the same email address to signup their business their Person record is converted to an Organization record, the last name is overwritten with the business name, and everything else on the signup form is used to overwrite the existing record – even empty fields overwriting fields that previously had data.

    Seems like this can cause data corruption, whether or not the intent is malicious.

    I have emailed my point person about this and the main workaround that was suggested is to wrap all signup fields except for email and name with the conditional sorta_logged_in. That would allow/force users to “sorta” log in before updating any additional information on an existing record. This helps keep existing data from being overwritten – if only empty fields are shown on the signup form – but garbage data could still be entered in the empty fields.

    The best solution, in my opinion, is what Ethan suggested, “if you enter an email already in the database, you are challenged to log in”.
    But an alternate solution, I think, would be to implement the logic used in Imports – put a checkbox on the Signup Settings page that allows Control Panel users to choose whether or not a signup page will Overwrite existing data if it finds a match in the database.
    posted 2015-05-29 07:27:06 -0700
  • Ethan Clarke


    Certified Architect
    Certified NationBuilder Architect
    tagged this with Important
    posted 2013-04-06 17:10:21 -0700
  • Ethan Clarke


    Certified Architect
    Certified NationBuilder Architect
    commented
    Any movement on this question? Seems like a problem that should be addressed.

    At least the form should be set that the user is not logged in and submits an email address that is already in the database, any empty fields are ignored so the database isn’t updated to empty values.

    A better response would be that if you enter an email already in the database, you are challenged to log in, and if the address hasn’t been authenticated, to do so BEFORE you can make changes to the users record.

    I look forward to your response soon. We’re using this form on a system where we know quite a bit about individuals but they haven’t generally setup profiles on the NationBuilder system.
    posted 2013-02-15 10:20:53 -0800
  • Ethan Clarke


    Certified Architect
    Certified NationBuilder Architect
    responded with considering
    posted 2013-02-08 11:47:23 -0800

Status key

  • Answered: The question has been officially answered
  • Incomplete: More information is needed to answer the question