Watchfire: unauthorized login?

  1. #1
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429

    Watchfire: unauthorized login?

    I'm totally confused by this one

    For one of my classes, we had to get some data from GomezPro ( https://www.watchfire.com/gomezpro/login.aspx ). For non-subscribers, only partial data is available. By accident (really!) I hit the "Submit" button in the Customer Login box without filling out a username/password. The thing logged me in, saying "Welcome Marne Gabay of HSBC". Oooookkkkk.... I'm not sure if Mr. Gabay would appreciate that. It worked a week ago, and it still works (on both our laptops and a desktop) - only works in Firefox, though... IE gives a "Not a valid login", the way it's supposed to be.

    I sent them a couple of e-mails - check out what that company does: http://www.watchfire.com/services/default.aspx - they help other companies secure their online presence

    Never heard back from them, so here I am... any idea on why/how? Anyone able to reproduce this?

  2. #2
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Welcome Marne Gabay of HSBC.
    Reproduced using Firefox 1.0. I mailed them too.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  3. #3
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Thanks! That rules out IP-mixups, I guess...
    I tried everything I could to contact them, and have been for over a week - including asking for a representative to call me about their products... I refuse to call them, though, cause I'm not going to pay long-distance if they're too lazy

  4. #4
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    screw 'em. if they want bugs on their site that's their business. we both did the ethical thing by notifying site support.

    this flu is kicking my ass. pardon my lack of the usual verbose geniality.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  5. #5
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    I just tried it also.....and
    Customer Login:

    Welcome Marne Gabay of HSBC.
    That was with Firefox 1.0 also. But I am not going to mail them about it.....if they haven't had the courtesy to answer you guys, I am not going to waste my time.

    [edit] Just a thought....you don't suppose that this Marne Gabay registered with a blank username and blank password. Security by oblivion.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Got the same as you guys. I'm gonna email them.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  7. #7
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    From the delirium comes a weird thought:

    What if it's a honeypot setup? Nah.. couldn't be that easy and surely they would've responded to our emails if it were...
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  8. #8
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Honey pot is a possibility, but I doubt it. I did some further navigation, and when you try going to the "customer portal" section it will ask again for the username and password. But this time you actually need to put one in.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    I got a response from their support team; they said they have fixed the issue. I tested it and they are correct.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  10. #10
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Heh... they could have told me that a week ago.. why didn't they email me back?

    It's indeed fixed now... I got everything I needed, though
