|
-
February 9th, 2005, 04:44 AM
#1
Watchfire: unauthorized login?
I'm totally confused by this one 
For one of my classes, we had to get some data from GomezPro ( https://www.watchfire.com/gomezpro/login.aspx ). For non-subscribers, only partial data is available. By accident (really!) I hit the "Submit" button in the Customer Login box without filling out a username/password. The thing logged me in, saying "Welcome Marne Gabay of HSBC". Oooookkkkk.... I'm not sure if Mr. Gabay would appreciate that. It worked a week ago, and it still works (on both our laptops and a desktop) - only works in Firefox, though... IE gives a "Not a valid login", the way it's supposed to be.
I sent them a couple of e-mails - check out what that company does: http://www.watchfire.com/services/default.aspx - they help other companies secure their online presence 
Never heard back from them, so here I am... any idea on why/how? Anyone able to reproduce this?
-
February 9th, 2005, 04:50 AM
#2
Welcome Marne Gabay of HSBC.
Reproduced using Foxfire 1.0. I mailed them too.
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
-
February 9th, 2005, 04:54 AM
#3
Thanks! That rules out IP-mixups, I guess...
I tried everything I could to contact them, and have been for over a week - including asking for a representative to call me about their products... I refuse to call them, though, cause I'm not going to pay long-distance if they're too lazy
-
February 9th, 2005, 04:56 AM
#4
screw 'em. if they want bugs on their site that's their business. we both did the ethical thing by notifying site support.
this flu is kicking my ass. pardon my lack of the usual verbose geniality.
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
-
February 9th, 2005, 05:05 AM
#5
I just tried it also.....and
Customer Login:
Welcome Marne Gabay of HSBC.
That was with firefox 1.0 also. But I am not going to mail them about it.....if they haven't had the courtesy to answer you guys, I am not going to waste my time.
[edit] Just a thought....you don't suppose that this Marne Gabay registered with a blank username and blank password . Security by oblivian.
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown
-
February 9th, 2005, 05:08 AM
#6
got the same as you guys. im gonna email them.
-
February 9th, 2005, 05:13 AM
#7
From the delerium comes a weird thought:
What if it's a honeypot setup? Nah.. couldn't be that easy and surely they would've responded to our emails if it were...
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
-
February 9th, 2005, 05:19 AM
#8
Honey pot is a possibility, but I doubt it. I did some further navigation, and when you try going to the "customer portal" section it will ask again for the username and password. But this time you actually need to put on in.
-
February 9th, 2005, 07:03 PM
#9
I got a response from their support team, they said they have fixed the issue. I tesed it and they are correct.
-
February 9th, 2005, 07:15 PM
#10
Heh... they could have told me that a week ago.. why didn't they email me back? 
It's indeed fixed now... I got everything I needed, though
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote