Publish Date: Feb. 1, 2019
SummaryWe've identified and fixed a vulnerability in the Spiceworks Community that would allow an attacker to determine the country of a user, even if that user had chosen to not share the information.
Who’s Affected?At this time we do not believe anyone was impacted by this vulnerability.
DetailsWhen a Spiceworks Community account is created, the country of the user is automatically tracked. This information, however, is not publicized unless the user decides to share it in their profile. An attacker could use other means to acquire the user’s ID, and then execute a specific HTTP request with that ID to determine the user’s country.
While there is no direct security threat involved with determining a user’s country, if combined with other data elements, this could potentially identify an individual....