Email domain discovery weakness

Question

Email domain discovery weakness

jace opened this issue 8 years ago · 2 comments

A user who has an email address at a particular domain (non-webmail only) can discover all other users with email addresses at that domain by creating an organization associated with that domain. This will add all those users as members.

This is currently not high impact (mostly gmail users), but could potentially be.

Answer 1 · 2017-08-02T12:06:27.000Z

The only obvious resolution to this issue is by reversing #108 and removing automatic team membership by domain. We may revisit this with a better solution in #185 with periodic verification.

Answer 2 · 2017-08-07T11:56:30.000Z

Fixed in 44d995e