Serious security problem

Discussion in 'Installation and "How-To" Questions' started by Wintermute, Jul 11, 2006.

  1. Wintermute

    Wintermute Mega Poster

    Trying to test out our store before it goes live..

    Had the customer CC info so I went ahead and walked through an actual order..

    First off...


    In the first section (1)
    it asks

    1 create a new business account
    2 create a new personal account


    if I select 2 it has all of MY (admin) info in there..
    This should NOT appear. If I proceed through the order
    it does create the site in the plesk VPS. It does process the CC and charge it but now that customer is an ADMIN on my HSP!

    How can someone place an order on my site and then be super user ? When I tried to log in with my credentials to the HSP/pcc section I could not..
    basically the order WIPED out my info and replaced it with this customers...

    I had to log in as the customer ..change the info back. Manually delete the domain and create it manually under the plesk node...
    this of course defeats the purpose of the HSP store..

    further...

    I went to try this again..
    then in the same section

    it now asks:

    1 create a new business account
    2 Use the John Smith personal account

    Now the customer name appears under the store..
    so will every new customer see the account info for the previous
    customer ? and be able to create accounts under that customer ? What a MESS!

    Help please!

    HSP build is 3.2.2-43

    Winter
     
  2. blinov

    blinov Guest

    Hi, Winter

    Most probably this happens because you're logged in as admin
    in another window of your browser. For example, Internet Explorer shares session information between browser windows. That's why the online store automatically logs you in as the administrator person and offers you to create a customer account. Please note that such a thing will NEVER HAPPEN to your customers, 'cause they do not have admin login credentials :)
    In order to test your online store you may either:
    * Test it in another browser or
    * Log out from Provider and(or) Reseller control centers first and then test the store.

    Regards,
    Alex.
     
  3. Wintermute

    Wintermute Mega Poster

    Just following up to help anyone else that had this problem...

    you were correct :)

    ~Winter
     