Scoutbook still gives admins edit access to stranger's profiles

Last year, I re-reported an issue that was originally described to SB a couple years before that, where any unit admin can give themselves read and edit access to any other Scoutbook adult’s profile through means so simple, they could be accidental. A fix was promoted but then rolled back, and nothing’s been done to address this privacy loophole, since. What is the ETA to protect Scouters’ personally-identifiable information (PII)? I’ve started moving my unit to this system, and I can’t even tell that the adults I’m adding are the right people, since some of them have very common names.

My post:
https://www.scoutbook.com/mobile/forums/bugs/154968/we-can-instantly-access-any-adult-user-s-pii-through-roster-builder/ 5

The original report:
https://www.scoutbook.com/mobile/forums/bugs/58565/unauthorized-access-by-users-from-a-different-pack-troop/ 4

My first update request in the new SB forums (closed on 6/24/19):

that is still being worked on - it is rather complex - I just rejected the last fix as incomplete

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.