In the Ayamel production site, the "Create an Account" form accepts almost anything as input.
For example, I can put it a single character into the username form, and as long as it isn't a username that is already taken, thus an account can be created account without inputting any of the other information.
Similar issues are occurring on the beta site as long as matching passwords are typed in. For example I was able to create a user named ' OR SELECT * WHERE '1' = '1 (this didn't return any info from the database... but still...)
Anyways, since we are going to get rid of this functionality for Y-Video/future updates, it might be a good idea to get rid of it ASAP just in case.
In the Ayamel production site, the "Create an Account" form accepts almost anything as input.
For example, I can put it a single character into the username form, and as long as it isn't a username that is already taken, thus an account can be created account without inputting any of the other information.
Similar issues are occurring on the beta site as long as matching passwords are typed in. For example I was able to create a user named ' OR SELECT * WHERE '1' = '1 (this didn't return any info from the database... but still...)
Anyways, since we are going to get rid of this functionality for Y-Video/future updates, it might be a good idea to get rid of it ASAP just in case.