back to article Zoho users logging into other accounts by accident

Zoho users beware. There appears to be a nasty bug whereby a user logs in with their own credentials, but finds themselves logged into another user's account. I have the last couple of weeks experienced that I get logged on into another account that I do not know! I can see the other account documents. Just a few minutes ago I …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Coat

    Premise

    Premise = argument

    Premises = land/buildings etc.

    I'm a pedant I admit it.

  2. Raju Vegesna

    Zoho

    Under high load, we had a very rare race condition in a common underlying framework that caused this. Before we detected and applied a fix, our logs indicate that it impacted about 12 users.

    We immediately took down the servers immediately when we detected the issue and we put in a patch. Our engineering teams are currently working on it round the clock monitoring to ensure that it will not recur.

    We understand that our entire business is based on the user’s trust, and we are taking it very seriously.

    Raju Vegesna

    Zoho

  3. Anonymous Coward
    Thumb Down

    Race condition

    A race condition indicates to me temp files... which seems to be the wrong way to handle this... WTF are they thinking? Or am I not as smart as I think I am?

  4. AndyB
    Happy

    session id precision?

    i was working at a major uk retail bank when they first rolled out internet banking. An element of the session id was a time stamp and because the precision was too low, if two users logged on at more or less the same time they got the same session and saw the other's details. I think the incident actually made news at 10. Oh how we laughed!

  5. Anonymous Coward
    Stop

    Hmmm...

    > Before we detected and applied a fix, our logs indicate that it impacted about 12 users.

    Not to be flippant, but that's mighty good logging you have there if it actually can be used to diagnose state that is not meant to be reached in the first place.

This topic is closed for new posts.