Recent searches
No recent searches
[ARCHIVED] Stop rating submission by link checkers / Anti-virus systems
Posted Mar 09, 2020
Hi,
There is a need to fix the vulnerability poised by the Zendesk ticket rating URL/page. An interceptor page can submit rating on user's behalf without user's consent. Rating is submitted for the last of the two rating links, which mostly is for 'Bad' rating. While it impacts rating calculation, it can be exploited by the organisations to get +ve ratting by simply switching the position of the two rating URLs, i.e. placing +ve rating link afterwards.
A workaround by Zendesk (https://support.zendesk.com/hc/en-us/articles/115012836948-Why-am-I-receiving-unexpected-bad-satisfaction-ratings-) says that please replace the rating placeholders, specific to rating type to one that doe snot pre-select rating, when clicked, which defies the purpose of having two separate links in ticket.
A permanent solution should be provided by Zendesk, e.g. captcha etc. to solve this problem.
1
2 comments
Inon Rousso
I had the same issue, started about 2 months ago.
I was told by ZD support to change the placeholders to "{{satisfaction.rating_url}}" instead of
"{{satisfaction.rating_section}}"
0
Devan La Spisa
Hello @...,
Thanks for sharing! Just to confirm, did implementing this fix resolve your issue?
Best regards.
0