Hi All, i am a new user for osticket, i m loving its gui.. and i also am happy for seeing such a active community in the backend. btw, i am just wondering wat i noticed is a security flaw or is it a known feature. say this situation:
1. There is a web based enquiry from a visitor.
2. It becomes automatically as a ticket for our internal staff to handle
3. Once the ticket is replied with an update, it goes as a email to the visitor who made the enquiry (along with the ticket number and the email id)
4. WHAT IF the visitor uses the ticket number as a password and email id of the staff as a user name and login, wont it give complete access to the tickets of the staff ?
Is there a work around. Please let me know if i m heading wrong.
