Posted to rec.crafts.metalworking
Ignoramus9191
New Harbor Freight website has MAJOR security hole!!!

On 2010-04-30, Steve W. wrote:
Bob La Londe wrote:
"Steve W." wrote in message
...
DO NOT USE IT!!!!

I went there and looked it over. Yes it's slow. They have a notice that
if you had an account prior to the 19 you need to sign up for a new one.

I clicked the account button to create a new account.

Instead of getting any type of account log in or sign-up page I was sent
to the account of a person who lives in the 914 area of NY. It listed
the name, address, phone numbers and recent orders for this person.

Thinking this was a glitch I tried to exit and reload the page.
It brought up a new page with the account information of a person in
Wisconsin!

I closed down the browser, flushed the memory and went back to the site
to see if I could get in. Went to the same "secure" section of the site
and tried the account button again. It took me to yet another member's
account information!

I just sent the customer service an E-mail about it but don't know if
they will take action.


They will I am sure.

It's a nice looking website. More clean and professional rather than
industrial looking. The search function works better. Now if they
would just add all the service and repair parts from the master
catalog. That was the main thing I found lacking in the old cart
system. They had never done all the data entry for all the repair and
service parts. You could search by item number if you knew it, but if
you didn't it was impossible to find via the site.

Some folks may not like the clean and professional look now. The old
cart system had that rough oily feel of actually being in a Harbor
Freight store. You could almost smell the machine oil and the
cosmoline. I kinda liked that. Then I think a shop that doesn't smell
of oil, old varnishes, and spilled paint just isn't a shop.





Got an Email reply from them. Seems that they tested the site and found
the same thing I did. The message said they were putting the site on
maintenance mode to test it more. Haven't tried it again but last night
I could pull up random names just about every time.


I think that what happens is that they give everyone the same cookie
(one cookie value given to everyone).

i
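
The shared-cookie hypothesis in the post above, modeled as an added example (not part of the original post and not Harbor Freight's code): a constructed in-memory session store that hands every visitor the same cookie value, next to a variant that issues a random value per visitor, with two checks a site owner could run as regression tests. All class, function and cookie names here are hypothetical.

```python
import secrets
from collections import Counter


class SharedCookieStore:
    """Constructed model of the suspected bug: one cookie value for everyone."""
    FIXED = "SESSION-0001"  # constructed placeholder value

    def __init__(self):
        self.sessions = {}  # cookie value -> account bound to it

    def issue(self):
        return self.FIXED  # every visitor receives the same identifier

    def login(self, sid, account):
        self.sessions[sid] = account  # a later login overwrites the binding

    def account_page(self, sid):
        return self.sessions.get(sid)  # whoever is bound to this cookie


class PerVisitorStore(SharedCookieStore):
    """Corrected model: an unpredictable identifier per visitor."""

    def issue(self):
        return secrets.token_urlsafe(32)


def duplicate_session_ids(store, n=1000):
    """Issue n cookies and return any value handed out more than once."""
    counts = Counter(store.issue() for _ in range(n))
    return {sid: c for sid, c in counts.items() if c > 1}


def cross_account_leaks(store, users):
    """Each user gets a cookie and logs in, then each loads the account page.
    Returns (user, account_shown) pairs where the page shows someone else."""
    cookies = {u: store.issue() for u in users}
    for user, sid in cookies.items():
        store.login(sid, user)
    shown = {u: store.account_page(sid) for u, sid in cookies.items()}
    return [(u, seen) for u, seen in shown.items() if seen != u]


if __name__ == "__main__":
    users = ["customer_ny", "customer_wi", "customer_3"]  # constructed names
    for store in (SharedCookieStore(), PerVisitorStore()):
        print(type(store).__name__, cross_account_leaks(store, users),
              len(duplicate_session_ids(store, 100)))
```
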