Possible Security Issue - Registrant Seeing others Data


  • Possible Security Issue - Registrant Seeing others Data

    Hello,
    We had a case this AM of one registrant getting others' attendees, and it appears the payments were credited incorrectly. As I have looked into it, it seems to have happened in another case too. These registrants are then looking at other folks' data. How serious is this? Do I need to pull the site down? Is it possible that credit card has been compromised? Can you help fix this?

    I have included the message for the registrant below with the family names removed. I have another case that I can share with you but not in a public forum.

    Thanks,
    Tom

    Message Body:
    when placing my order to buy 2 adult tickets one child and 2 infant tickets the website froze. I was able to add all 3 kids names but it froze when selecting the half price adult and reg price adult. I clicked on them to see if anything would happen. My total was correct but when I printed the receipt 3 names of people I don't even know appeared. trans # 556659412 adult should be ______ and ________, child, ____, infants __________. Please advise ASAP

    This is the other parent's experience with the site (I have removed the names to protect privacy):

    I will tell you that when I went in to purchase tickets I was able to choose the child ticket and input daughters name, then I chose the 1/2 price adult ticket and put in my name, when I went to add the full price adult ticket for husband the system froze and the screen had a greyish image over it and when I tried to click the x to get rid of the greyish image it froze and I wasn't able to proceed any further. I tried several times to click the x and nothing would happen. So I closed my browser and went back in to try to buy tickets again. When I did the cart already said I had $15 in my total but didn't list any names. I put in daughter and myself again so the names would be in the bottom attendees list and also was able to put in husband finally but now the total was $50 which wasn't correct. So I clicked the x next to daughter and my names to delete them and therefore reduce the total to $25 which was the correct total for 2 adults and 1 child. Only Husbands name was showing in the bottom portion. When I finalized my transaction and paid and got my email receipt it listed other unrelated person, unrelated person and husband as the attendees which wasn't correct. Hope this explanation helps your software developers pinpoint the issue. Thanks!
    Last edited by [email protected]; 03-23-2014, 09:36 AM.

  • #2
    Good day!

    This naturally is a security concern, but the application is in use and has been tested extensively for security. It may be that you have assigned wrong permissions in the post-installation.

    May I ask you to grant us access so we can review your settings?

    How to grant access: http://forums.clickandpledge.com/showthread.php?t=1065

    As for credit card information - that is impossible for it to be compromised since there is nothing there to be compromised. No credit card information is ever saved anywhere in Salesforce or our database. We simply don't store that information so it being compromised is absolutely impossible.

    Once we have access to your account we will review it and let you know.
    Regards,
    Click & Pledge Support Department

    On Salesforce? Help us by rating our app: Click & Pledge Donor Management on AppExchange

    Join us @ the educational webinars: https://clickandpledge.com/webinars/
    Live Support available Join between 3:00 - 3:30 p.m. ET Monday - Thursday: https://clickandpledge.com/webinars/
    Are you on Salesforce? Join us at the Power of Us Hub: https://powerofus.force.com/0F980000000CjpC



    • #3
      Hello,
      Thanks for your prompt reply.
      I have granted access for three days.
      Our Organization ID is: 00D80000000cmCN
      Thanks,
      Tom



      • #4
        Good day Tom,

        Quick question- are you using Event 1.x or 2.x?

        In event 1.x we provide a link to the event which redirects to a session - the session link should NOT be used as that is a shared session. The link we provide should be used.

        Please send me the link to your event also.
        Regards,
        Click & Pledge Support Department



        • #5
          Good day again!

          I tried to login to your account but we don't have any login access granted.

          Please double check and make sure you have granted us access. As of this writing I don't have login access.
          Regards,
          Click & Pledge Support Department



          • #6
            The access grant changes did not save, they are active now and you should be able to get into the account.
            The event that we are having issues with is here: http://campketcha.force.com/events/C...1_Opening_Page
            Where should I get the link for the event if this is not the correct link to be using?



            • #7
              Hello
              We are using 2.3009 as the version of Events.
              I have resaved the access grant to our Salesforce account and it is valid for three days.
              This is the link to the event that is causing the issue: http://campketcha.force.com/events/C...1_Opening_Page

              If this is not the correct link then where should I get the correct link?

              Thanks
              Tom



              • #8
                Tom,

                I reviewed your instance and Yes you have upgraded to the latest release but NO you are not using event 2.x events. You are still using event 1.x events. I can see it from where I see your events listed.

                Event 2.x events are designed in the event 2.x interface: https://cnp-paas-evt.na8.visual.forc...1rC0000000HJye

                I am sure that your links are wrong - the link should be copied and pasted from the Event site (see image below). When the event is visited, to ensure site consistency we set up a session and that session is saved for a registration. In event 2.x we no longer use several pages as it is all in 1 page and no sessions are used but in 1.x design it was using multiple pages with the option to skip a page.

                Please change your links immediately to what is shown below:

                [Image: Event-Link.jpg]

                Let me know the site where you have placed the link so I can verify your links.
                Regards,
                Click & Pledge Support Department
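
The shared-session failure described in posts #4 and #8, as an added example that is not part of the thread and not Click & Pledge code: a simplified Python model of a server-side cart keyed by session id, comparing a published link that carries one session id with an entry link that mints a fresh session per visitor. The `SessionStore` class, its methods, the attendee names and the prices are all hypothetical.

```python
import secrets

class SessionStore:
    """Server-side sessions: session id -> list of (attendee, price) cart rows."""
    def __init__(self):
        self._carts = {}

    def open_entry_link(self):
        # Entry link: mint a fresh, unguessable session for this visitor.
        sid = secrets.token_urlsafe(16)
        self._carts[sid] = []
        return sid

    def open_session_link(self, sid):
        # Session link: reuse whatever session id is embedded in the URL.
        self._carts.setdefault(sid, [])
        return sid

    def add(self, sid, attendee, price):
        self._carts[sid].append((attendee, price))

    def receipt(self, sid):
        cart = self._carts[sid]
        return [name for name, _ in cart], sum(price for _, price in cart)


def simulate(shared_link):
    """Two families register; returns family B's receipt (names, total)."""
    store = SessionStore()
    published = store.open_entry_link()  # id captured when the link was copied

    def visit():
        if shared_link:
            return store.open_session_link(published)
        return store.open_entry_link()

    a = visit()
    store.add(a, "Family A child", 15)   # constructed: A's browser freezes, cart abandoned
    b = visit()
    store.add(b, "Family B adult", 25)   # constructed sample data
    return store.receipt(b)


if __name__ == "__main__":
    print("shared session link:", simulate(shared_link=True))
    print("entry link:         ", simulate(shared_link=False))
```

With the shared link, family B's receipt carries family A's abandoned attendee and an inflated total, which matches the symptoms both registrants reported.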



                • #9
                  Oh one more observation.

                  Your links should be changed to the following:

                  https://campketcha.secure.force.com/events/CnP_PaaS_EVT__EventRegistration_1?event_id=a0LC000000osTWL&pagename=Page1_Opening_Page&Temp=Cookie

                  You are missing the .secure. and as such you will get the security warning.
                  Regards,
                  Click & Pledge Support Department



                  • #10
                    Thanks I will work on this immediately. How do I get to events 2.x?



                    • #11
                      Tom,

                      If you want, to make your life easier, we can move all your events & copy them to 2.x.

                      One of our test engineers can copy the event and set it up for you. With 2.x events you have a lot more flexibility in design and so much more capability.

                      Let me know if you wish for us to copy your events. Please give us access for a week so we can make sure we finish it before running out of time.
                      Regards,
                      Click & Pledge Support Department
