Main Navigation

Zen Internet Support Forum

Welcome to the Zen Internet community support forums.

Before posting we recommend you search our
extensive Knowledge Base or the forum archives
as an answer to your query may already be available.

Welcome to Zen Internet Support Forum Sign in | Join | Help

Forums

Forum Rules

Zen Internet Support Forum » Services » Customer Portal » Insecure Portal Login

Insecure Portal Login

Last post 26-02-2008, 6:51 PM by renegade. 5 replies.


	Sort Posts: Previous Next

25-02-2008, 11:12 AM 29848

brainsys
Joined on 09-03-2006
Posts 78

Insecure Portal Login

Reply Quote

The portal login doesn't appear to use normal login procedures. Which is presumably why I can't store logins in my browser and why I can't login at all from my Nokia 9300i browser - which is, perhaps, taking security too far.

But then this morning I timed out and clicked on the re-sign in link. This time I didn't have to fill in the email address. It was already there. Problem was - it wasn't mine! It was j.dennison@xxxxxxgroup.com (xxxxxx to protect the user and what would be my first attempt at a password)

This was using Firefox 2.0.0.12 on a Kubuntu 7.10 system.

Report abuse

25-02-2008, 11:37 AM 29849 in reply to 29848

reidca
Joined on 21-07-2005
Posts 86

Re: Insecure Portal Login

Reply Quote

Thanks for reporting this. We are aware of an issue and are investigating.

Systems Development
Zen Internet Ltd

Report abuse

25-02-2008, 4:39 PM 29852 in reply to 29849

reidca
Joined on 21-07-2005
Posts 86

Re: Insecure Portal Login

Reply Quote

Thank you for reporting this issues. The issue has been investigated, a problem was found and it has now been resolved.

The issue was regarding the session timeout link, which under certain circumstances was showing a previously logged in users email address in the sign-in details box instead of the user that timed out.

We must stress that at no point was anyone's portal account made available to another user unless that user's password was known.

Regards

Carl

Systems Development
Zen Internet Ltd

Report abuse

26-02-2008, 1:12 PM 29859 in reply to 29852

Fino
Joined on 26-02-2008
Posts 1

Re: Insecure Portal Login

Reply Quote

I was just looking for the appropriate place to report this myself, and came across this post - just 10 minutes ago this issue was still there, so I'm not sure if it has been resolved.

I browsed to a portal page in my history, that told me my session had timed out after 20 minutes, then I clicked on the sign-in link on that page which took me to the login page that had another person's email addresses automatically fixed in the login box. I done it again to see if I'd done something wrong but it happened again with another person's email address. Clicking on the sign-in link down the left hand navigation worked as expected, allowing me to login as myself.

Report abuse

26-02-2008, 3:15 PM 29863 in reply to 29859

Phil Long
Joined on 25-05-2004
Posts 895

Re: Insecure Portal Login

Reply Quote

Hi,

If the history pages are from the period when the fault was present you will see this behaviour. However, if your history pages are from after the point Carl announced the issue as resolved the problem shouldn't be present. Clearing your history or replacing any bookmarks made prior to the fix should prevent a reoccurrance.

kind regards,
Phil D.Long

--
Phil Long
Technical Support Manager - Zen Internet Ltd.

Report abuse

26-02-2008, 6:51 PM 29864 in reply to 29863

renegade
Joined on 29-07-2007
Posts 25

Re: Insecure Portal Login

Reply Quote

I edited this as I have fixed the said problem :)

Report abuse