E@syfile log-in security flaw

  • Dave A
    Site Caretaker

    • May 2006
    • 22803

    #1

    E@syfile log-in security flaw

    If your E@syfile application is not up to date, here is how to enter the program without having to log in:

    When you click on E@syfile, you will get a notice to update.
    Click Update
    The next message tells you there is an update available - do you want to update.
    Click No

    The program will go to the Application home page and you can wander around as you please without having to log in!

    Major security flaw in my opinion.
    Last edited by Dave A; 21-Nov-11, 09:23 PM. Reason: typo
    Participation is voluntary.

    Alcocks Electrical Services | Alcocks Pest Control & Entomological Services | Alcocks Hygiene Services
  • AndyD
    Diamond Member

    • Jan 2010
    • 4946

    #2
    Hmmm, any way around a login is a security flaw.

    • Dave A
      Site Caretaker

      • May 2006
      • 22803

      #3
      Given the serious nature of this security flaw, I've been trying to find an email address to notify SARS. Thought I may as well point out the updated certificate information bug when submitting your EMP501 while I was about it.

      Looks like I'm going to have to phone as I can't find an email address in the contact us section of Efiling or the SARS website.

      • Slippy
        Full Member
        • May 2011
        • 31

        #4
        Well spotted. Their development and testing cycle has some serious flaws. I helped our bookkeeper with 3 updates/upgrades this year, and clearly none of them addressed this rather large issue.


        • Dave A
          Site Caretaker

          • May 2006
          • 22803

          #5
          Well, I called and ended up sending an email to a supervisor at the PAYE call centre operation.

          I did rather feel like I was calling from Mars - they seemed totally perplexed as to what they should do with the report.
          Hopefully it will end up in the right hands...

          • AndyD
            Diamond Member

            • Jan 2010
            • 4946

            #6
            It's strange they don't have a report system in place for the website but I wouldn't hold your breath Dave. I don't see them being keen to go bug squishing on what's probably one of their busiest weeks of the year for their efiling website.