Hi Sumit, You're providing little information to go on with. Can you at least provide some server logs, the context on which this happened, users feedback, the environment in which the system is running, which screen, customization done to the framework?
Taher Alkhateeb On Jul 29, 2015 5:07 PM, "Sumit Pandit" <meetsumit...@gmail.com> wrote: > Hi All, > Recently for one of the client's deployment, I am getting a serious > security issue - > > Some of frontend customers has reported that when they had login to site > then the it was opened as loggedin with different user account. And they > were able to access "my account" of that user. > > I can confirm that > 1. there is no close network connection between both of the customers (one > who was accessing the site & one whose account has opened). > 2. Both user has different username exist in system. > 3. The account which was showing as logged in, has not accessed the site > since long. > > This issue has reported by many users and causing serious problems. > > Can someone help me by giving any clue why it is happening? Any solution? > > -- > Thanks and Regards > Sumit Pandit >
