Zoho users logging into other accounts by accident
Zoho users beware. There appears to be a nasty bug whereby a user logs in with their own credentials, but finds themselves logged into another user's account.
I have the last couple of weeks experienced that I get logged on into another account that I do not know! I can see the other account documents. Just a few minutes ago I …
This topic is closed for new posts.
Posted Friday 30th November 2007 20:07 GMT
Anonymous Coward
Premise

Premise = argument
Premises = land/buildings etc.
I'm a pedant I admit it.
Posted Saturday 1st December 2007 00:20 GMT
Raju Vegesna
Zoho
Under high load, we had a very rare race condition in a common underlying framework that caused this. Before we detected and applied a fix, our logs indicate that it impacted about 12 users.
We took down the servers immediately when we detected the issue and we put in a patch. Our engineering teams are currently working on it round the clock, monitoring to ensure that it will not recur.
We understand that our entire business is based on the user’s trust, and we are taking it very seriously.
Raju Vegesna
Zoho
Posted Saturday 1st December 2007 00:20 GMT
Anonymous Coward
Race condition

A race condition indicates to me temp files... which seems to be the wrong way to handle this... WTF are they thinking? Or am I not as smart as I think I am?
Posted Sunday 2nd December 2007 12:10 GMT
AndyB
session id precision?

I was working at a major UK retail bank when they first rolled out internet banking. An element of the session id was a time stamp and because the precision was too low, if two users logged on at more or less the same time they got the same session and saw the other's details. I think the incident actually made news at 10. Oh how we laughed!
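
The failure mode described in the comment above, as an added example that is not part of the original thread: a session ID whose only varying element is a coarse timestamp, next to an ID drawn from a CSPRNG and a store that refuses to reuse a live ID. The ID format, user names and login times are constructed for illustration; the bank's actual scheme is not given on the page.

```python
"""Constructed demo: session IDs from a coarse timestamp vs. a CSPRNG."""
import secrets

# Constructed sample: (user, login time in seconds). alice and bob log in
# within the same second; carol logs in three seconds later.
LOGINS = [("alice", 1196597400.12), ("bob", 1196597400.87), ("carol", 1196597403.40)]


def timestamp_id(login_time, precision=0):
    # Weak scheme (assumed shape): the ID varies only with the login time,
    # truncated to `precision` decimal places.
    return f"sess-{int(login_time * 10 ** precision)}"


def random_id(_login_time=None):
    # 256 bits from the OS CSPRNG, independent of time and load.
    return secrets.token_urlsafe(32)


class SessionStore:
    def __init__(self, make_id, reject_duplicates=False):
        self.make_id = make_id
        self.reject_duplicates = reject_duplicates
        self.owner = {}  # session id -> user

    def login(self, user, login_time):
        sid = self.make_id(login_time)
        if self.reject_duplicates:
            # Defence in depth: never bind an ID that is already live.
            while sid in self.owner:
                sid = random_id()
        self.owner[sid] = user  # without the check, a duplicate overwrites
        return sid


def crossed_sessions(store, logins):
    """Return the users whose cookie now resolves to a different account."""
    cookies = {user: store.login(user, t) for user, t in logins}
    return sorted(u for u, sid in cookies.items() if store.owner[sid] != u)


if __name__ == "__main__":
    print("timestamp IDs:", crossed_sessions(SessionStore(timestamp_id), LOGINS))
    print("random IDs:   ", crossed_sessions(SessionStore(random_id), LOGINS))
    print("timestamp + duplicate check:",
          crossed_sessions(SessionStore(timestamp_id, reject_duplicates=True), LOGINS))
```

Raising `precision` only narrows the collision window; the random ID and the duplicate check remove the dependency on login timing altogether.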
Posted Monday 3rd December 2007 04:33 GMT
Anonymous Coward
Hmmm...

> Before we detected and applied a fix, our logs indicate that it impacted about 12 users.
Not to be flippant, but that's mighty good logging you have there if it actually can be used to diagnose state that is not meant to be reached in the first place.