Coupons have a serious Security Flaw

JohnBiggs Registered Users Posts: 841 Major grins
edited February 28, 2010 in Bug Reporting
Site: Biggstudios.com

Details:

I created an at cost coupon with a limit of one use. The person I gave the coupon to was able to use it 2 times. Worse than that, the coupon still shows it has not been used at all. It says 0 of 1 Usage and $0.00 total. So this person could start giving it away and there is no control.

Comments

  • Andy Registered Users Posts: 50,016 Major grins
    edited February 27, 2010
    JohnBiggs wrote:
    Site: Biggstudios.com

    Details:

    I created an at cost coupon with a limit of one use. The person I gave the coupon to was able to use it 2 times. Worse than that, the coupon still shows it has not been used at all. It says 0 of 1 Usage and $0.00 total. So this person could start giving it away and there is no control.

    John, please write our Support Heroes with the order#s and the coupon name. And all other pertinent details. We've designed the system for this not to be the case, we'll investigate. Please put ATTN: Doc on the email, thanks.
  • JohnBiggs Registered Users Posts: 841 Major grins
    edited February 28, 2010
    Andy,

    I've written to the support line already. This is the answer I received. Though no further response was made. For a flaw this serious I would have expected an immediate fix as this can cost photographers thousands of dollars.


    Hi John,

    Thanks for contacting SmugMug.

    I'm seeing Orders 1428866 and 1428708 for XXXXX XXXXX, both placed today, both using this coupon: AtCost99

    And I see in your Control Panel that this coupon does indeed have a maximum use of one time. :(

    I'm so sorry John, I'm not sure what's causing the trouble here but we will most certainly investigate this.
    I would expire the coupon today, so that it can't be used again.
    If you need anything else, please let us know.

    Take care,
    Wendee
    Support Hero
  • Andy Registered Users Posts: 50,016 Major grins
    edited February 28, 2010
    JohnBiggs wrote:
    Andy,

    I've written to the support line already.
    I'm investigating with Doc our bug expert right now. He'll reply to you. We have to replicate this and then if it's validated internally, then we can fix it. Until then, please know we take these things very seriously and we're working on the issue right now.
  • Andy Registered Users Posts: 50,016 Major grins
    edited February 28, 2010
    Sorry - I phoned our engineer and this has been fixed internally and will go out in our next release, very soon. We'll post it in release notes. You'll want to subscribe to our Release Notes blog, so that you don't miss a single update from SmugMug -- http://blogs.smugmug.com/release-notes/ at the bottom, there's a link for Entries (RSS) - put that in your favorite feed reader.

    John, if you need recompense on this order write me at the help desk, ATTN: Andy