Thread: Userplane AeDating Intergration Security Issue

It has come to my attention, thanks to a report by one of our ModMySite users, that there is a security issue in the aeDating Userplane intergration code.

At this time, I will not be releasing any details about this - other than to say it exists, and has been verified on several sites running aeDating with UserPlane. One of the tested sites was not affected - but they have modified the original intergration code.

I notified UserPlane about this problem on or about July 14th. They, in turn, told me they notified aeWebWorks, as it is not UserPlane itself with the problem, but the aeDating intergration code.

Several PM's went back and forth between me and UserPlane about this, and they have been great. However, they would like either aeDating, or us, to fix this issue - since the affected code is not theirs.

Later emails from UserPlane indicated that aeWebworks took no action on this problem. My last PM with UserPlane about this was on July 23rd.

I can work on this fix, but I would need to schedule it . I think the fix is easy, but it also needs to be tested some.

Can I get some feedback from the community on how to proceed?

Do we do it here, or do you UserPlane users bug aeDating to come out with a fix, and notify all affected users of the problem?

Smoge

Smoge,

I reckon we should be hassling AE as it's their bug...but I don't know what to tell them as I haven't been able to do what you did to expose the flaw

I just responses like there are no bugs....we fix them all straight away


Cheers,
--
Rx

Smoge,

I don't have Userplane running on my site but here's my 2 cents. I think members who use Userplane should complain to Aeweb as it is their application anyway. We already have to deal with so much bugs that we don't have enough time for.

I believe we should focus our energy in "Modding" or enhancing the site.

We need to unite and "lobby" to wake up Aeweb and give back the support they promised when we bought the software.