Security issue with Marketpress

dnoguero Inactive
Veteran
Just Getting Started
28
#3269

It seems that address information is being stored in a cookie which isn't cleared when the user logs out.

Here's how to reproduce it:

1. Log in as user A and run through the checkout process up until the final confirmation page.
2. Log out as user A.
3. Log in as user B, add an item to the cart then click the checkout button. The shipping information form is pre-populated with user A's information rather than user B's.

This seems like a pretty nasty security issue especially for those using public computers to use the store.

(0)