I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
To an extent that’s true, but the standard web UI has this issue. It should not be like this in the standard configuration.
It’s open source so just open an issue about it if there already isn’t one.