Author Topic: New user registration overwrote admin account  (Read 1144 times)

hal9000_2001

  • Beginner
  • *
  • Posts: 8
New user registration overwrote admin account
« on: June 19, 2009, 07:23:51 am »
I had a collegue register on a store we have under development and the strangest thing happened. His new registration overwrote the "admin" username and password.

I only discovered this when I could'nt log in admin. Thankfully I had another Super User account and found that the ID 62 (admin) had his username assigned to it, his account had my details on ID 68.

Anyone seen this before? Is it a bug? This has some security implications if someone can take advantage of it.

Versions J1.5.9 VM 1.1.2 (used jommla ecommerce version).

I have already patched to the lastest versions since that happened

Thanks for reading

KDM-Tony

  • Beginner
  • *
  • Posts: 7
Re: New user registration overwrote admin account
« Reply #1 on: June 19, 2009, 17:47:21 pm »
We are having the same issue on the site www.waterionizerauthority.com. This happened to our admin account today also, but the problem was noticed about three days ago.

Here's the example of what we found:

We go to List Orders and look at Order # xxxxx659, the customer is Mr. Smith. He is a new customer registered on June 15th. When you click on his name next to the order number or the order# itself, his account comes up fine.

Now we go back to List Orders and look at Order # xxxxx607. The name next to it is Mrs.Jones. When you click on the Order #, the order comes up with the proper information for Mrs Jones. When you got back to List Orders and click her name next to that Order #, the information for Mr. Smith appears.

If you search for Mrs. Jones in Virtuemart Users or in Joomla's User Manager, her account does not appear anymore. Mrs. Jones was a previous customer and should have an account in both VM and Joomla. If you try to re-register or re-create Mrs. Jones's account, you cannot.

In addition, both orders Mrs. Jones's and Mr. Smith's appear under Mr. Smith. This appears to happen as new customers are added to the site, so all of the records are being affected.

About a month ago, the site was migrated and VM was upgraded from 1.1.1 to the current version. The site was running on an older version of Joomla! which has since been updated also. The issue appears to have started after the updates, but we are not sure.

This happened with another account and we ended up changing the information in the newer account so we could process a new order for the return client.

The problem is currently unresolved and we need help too.