I pressed a link to a sedo auction, and not only did it take me to the auction, it also logged me into the sellers account where I was free to browse his domains or do whatever I liked with his account.
=Screenshot removed at the request of Sedo=
Now that's what I call security
Suppose posting the Session ID in the link didn't help
