Kryptronic Software Support Forum

dskowron · 01-20-2015 18:20:47

I have two customers with the same last name. Both use their last name in their emails, but their emails are very distinctly different. One of these people used the link to have their password sent to them. He received the other person's password. So where do I go to find the SQL statement that is apparently using a wildcard operator in it to look up the password? This is bad.

webmaster · 01-21-2015 09:22:28

I think you more likely edited the core_users table directly and somehow got the username/email info for these two users set up with the same data.

dskowron · 01-21-2015 09:30:34

webmaster wrote:
I think you more likely edited the core_users table directly and somehow got the username/email info for these two users set up with the same data.

What?? Negative. This is something that is wrong with the software. I did not edit the table! You have GOT to be kidding me!! This reply is unbelievable! Just unbelievable.

kev · 01-21-2015 13:00:17

I have customers with the same last name but their username's and email addresses are different. Have you migrated your website between servers at any time or done any exports and imports of user data. That said it probably shouldn't have mattered as the email addresses and/or usernames must be different unless the customers are related and are using the same email address.

dskowron · 01-21-2015 13:03:14

kev wrote:
I have customers with the same last name but their username's and email addresses are different. Have you migrated your website between servers at any time or done any exports and imports of user data. That said it probably shouldn't have mattered as the email addresses and/or usernames must be different unless the customers are related and are using the same email address.

We have the problem solved.

zanart · 01-21-2015 16:26:20

What was the problem?

webmaster · 01-22-2015 08:56:13

The problem was likely duplicate data in the username column in the core_users table due to manual editing, importing, etc.

Kryptronic Software Support Forum

#1 01-20-2015 18:20:47

Possible security breach - VERY BAD!!

#2 01-21-2015 09:22:28

Re: Possible security breach - VERY BAD!!

#3 01-21-2015 09:30:34

Re: Possible security breach - VERY BAD!!

webmaster wrote:

#4 01-21-2015 13:00:17

Re: Possible security breach - VERY BAD!!

#5 01-21-2015 13:03:14

Re: Possible security breach - VERY BAD!!

kev wrote:

#6 01-21-2015 16:26:20

Re: Possible security breach - VERY BAD!!

#7 01-22-2015 08:56:13

Re: Possible security breach - VERY BAD!!

Board footer