Results 1 to 6 of 6

Thread: E@syfile log-in security flaw

  1. #1
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,649
    Thanks
    3,305
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12

    E@syfile log-in security flaw

    If your E@asyfile application is not up to date, here is how to enter the program without having to log in:

    When you click on E@asyfile, you will get a notice to update.
    Click Update
    The next message tells you there is an update available - do you want to update.
    Click No

    The program will go to the Application home page and you can wander around as you please without having to log in!

    Major security flaw in my opinion.
    Last edited by Dave A; 21-Nov-11 at 09:23 PM. Reason: typo

  2. Thanks given for this post:

    AndyD (21-Nov-11)

  3. #2
    Diamond Member AndyD's Avatar
    Join Date
    Jan 2010
    Location
    Cape Town
    Posts
    4,923
    Thanks
    576
    Thanked 934 Times in 755 Posts
    Hmmm, any way around a login is a security flaw.
    _______________________________________________

    _______________________________________________

  4. #3
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,649
    Thanks
    3,305
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    Given the serious nature of this security flaw, I've been trying to find an email address to notify SARS. Thought I may as well point out the updated certificate information bug when submitting your EMP501 while I was about it.

    Looks like I'm going to have to phone as I can't find an email address in the contact us section of Efiling or the SARS website.

  5. #4
    Full Member
    Join Date
    May 2011
    Location
    JHB
    Posts
    31
    Thanks
    1
    Thanked 2 Times in 2 Posts
    Well spotted. Their development and testing cycle has some serious flaws. I helped our bookkeeper with 3 updates/upgrades this year, and clearly none of them addressed this rather large issue.

  6. #5
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    22,649
    Thanks
    3,305
    Thanked 2,676 Times in 2,257 Posts
    Blog Entries
    12
    Well, I called and ended up sending an email to a supervisor at the PAYE call centre operation.

    I did rather feel like I was calling from Mars - they seemed totally perplexed as to what they should do with the report.
    Hopefully it will end up in the right hands...

  7. #6
    Diamond Member AndyD's Avatar
    Join Date
    Jan 2010
    Location
    Cape Town
    Posts
    4,923
    Thanks
    576
    Thanked 934 Times in 755 Posts
    It's strange they don't have a report system in place for the website but I wouldn't hold your breath Dave. I don't see them being keen to go bug squishing on what's probably one of their busiest weeks of the year for their efiling website.
    _______________________________________________

    _______________________________________________

Similar Threads

  1. CSV file for e@syfile
    By liz in forum Tax Forum
    Replies: 4
    Last Post: 22-Sep-11, 03:20 PM
  2. E@syfile Transfer question
    By KimH in forum Tax Forum
    Replies: 2
    Last Post: 16-Sep-11, 02:54 PM
  3. e@syfile-employer not so easy this year
    By Dave A in forum Tax Forum
    Replies: 3
    Last Post: 25-May-10, 04:07 PM
  4. Replies: 0
    Last Post: 17-Oct-08, 11:57 AM
  5. Replies: 0
    Last Post: 09-Jul-08, 08:15 AM

Tags for this Thread

Did you like this article? Share it with your favourite social network.

Did you like this article? Share it with your favourite social network.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •