Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com
Results 1 to 2 of 2

Thread: Serious security issue

  1. 02-18-2010, 02:12 AM #1
    deanfp is offline Senior Member
    Join Date
    May 2009
    Location
    Sweden
    Posts
    556

    Default Serious security issue

    Hi

    I was notified by a customer who registered on out website today. They created an account only to see another persons address in their account.

    I myself created a test account and the same thing happened. I have gone through the SQL tables and cannot see how this can be linked. Has this ever been reported before and how can we fix this. It's a serious error.

    I've spoken to all who have access to StoreFront and nobody has changed anything that could possibly cause this. Does anyone know what possible SQL tables this has affected?

    So far I've looked at

    Address
    Customer

    All the details look correct in that the test account I created looks fine but it's linking to another persons file.

    Thanks
  2. 02-18-2010, 03:45 AM #2
    John Reasons is offline Senior Member
    Join Date
    Oct 2009
    Posts
    119

    Default

    Please submit a ticket to support for this issue. It is quite possible that there was a record created for customer record 0 which is getting transferred to full customer record when the customer registered. Though we will need to take a look. This is not behavior we normally see.