Accounts crossed up; security risk

  • Profile Image
    Asked on December 31, 2012 at 01:37 PM

    Hi, folks,

    My Jotform account (user: MrPoetry, I think) seems to be crossed up with someone else’s Jotform account. I’m receiving test e-mails for a form (id: 23643157231145) that isn’t mine.

    Also, I had to abandon using Jotform for a secure form I was working on, because of a strange and disturbing occurance:

    1. I hit “Back” on my browser (Firefox 16-ish)
    2. I was suddenly in someone else’s Jotform account
    3. I logged out immediately, and logged back in to my account.

    This occurance told me that it is theoretically possible for another Jotform user to find himself suddenly in *my* account. And though I believe that the vast majority of users would do as I did -- log out immediately -- I can’t take that risk with my customers’ passport numbers and birthdates. Just letting you know of the problem; I implemented a hard copy, mail-in .PDF form instead.

    - Mark

  • Profile Image
    Answered on December 31, 2012 at 01:55 PM

    A similar problem exists when you sign out of one Jotform account and sign into another. The two accounts begin to merge/meld in odd ways. I reported this and Jotform's response was, to paraphrase, that it was too uncommon a situation to worry about. Uncomfortable to say the least.


  • Profile Image
    Answered on December 31, 2012 at 08:52 PM

    @Masalmedia,  problem described by guest_23637268013048 are not the same, in your case you have 2 accounts and posted a question with your previous session, which might have been a browser related issue.

    On guest_23637268013048 case the problem is that Form ID: 23643157231145   was created into a guest account which is linked to info@upl*** , so you probably created 2 forms without loggin into your registered account  MrPoetry

    Can you confirm that such email address belongs to you?. The forms were just created (1 yesterday, and the other one today)

    As shown on this snapshot

    I even can see both accounts were created from the SAME IP ADDRESS


    So DEFINITELY, this is NOT an issue with our security , which in fact is a VERY good one, as thousands of happy customer have proved this