Closed Bug 1109053 Opened 9 years ago Closed 2 years ago

p.fleetonlinesolutions.com supports Export suites, is POODLE vulnerable

Categories

(Web Compatibility :: Site Reports, defect, P5)

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: gustavo, Assigned: adamopenweb, NeedInfo)

Details

(Keywords: webcompat:site-wait, Whiteboard: [sitewait])

Attachments

(3 files)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20141013200257

Steps to reproduce:

1. Go to: https://p.fleetonlinesolutions.com/
2. Log in with your creds
3. Verify that the site doesn't render properly (content misformatted)


Actual results:

The site doesn't render properly - the content is misformatted. Tables and menus are unusable.


Expected results:

The site should render properly.
I used the excellent mozregression tool and got this result:

16:36.38 LOG: MainThread Bisector INFO Last good revision: 40a228f74389 (2013-04-05)
16:36.38 LOG: MainThread Bisector INFO First bad revision: 768af8d8fad4 (2013-04-06)
16:36.38 LOG: MainThread Bisector INFO Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=40a228f74389&tochange=768af8d8fad4
Attached image goodyear-bad.png
Bad rendering on recent versions of Firefox.
Attached image goodyear-good.png
OK rendering on old versions of Firefox.
I found during the bisection that in some versions Firefox would pop up this message:

"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"

so I wonder if this is security related.

I'm attaching an archive with the html/css/js content.
I got it:

https://bugzilla.mozilla.org/show_bug.cgi?id=834836

security.mixed_content.block_active_content was set to true by default -> therefore this web portal stopped working.
I will report this to the website owner. The information on this bug will help other users of the same portal technology.
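
Added example, not part of the bug comments or the site's code: one way to audit a saved copy of a portal page (such as the attached html/css/js archive) for the problem identified above, that is, subresources an https:// page fetches over http://. Findings are split into active content (scripts, stylesheets, frames, plugins, which are blocked once security.mixed_content.block_active_content is true), passive content, and forms that post to http://, the kind of submission Firefox warns about in the message quoted earlier. The host portal.example and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Active content can script or restyle the page; Firefox blocks it when mixed.
ACTIVE = {"script": "src", "iframe": "src", "object": "data", "embed": "src"}
# Passive (display) content cannot alter the page itself.
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}
# Constructed sample (hypothetical host and paths, not the site's real markup).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://portal.example/themes/std.css">
<script src="/js/app.js"></script>
<script src="http://portal.example/js/menu.js"></script>
</head><body>
<img src="http://portal.example/logo.png">
<form action="http://portal.example/login" method="post"></form>
</body></html>"""


class MixedContentAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base_url = page_url  # updated if the page declares <base href>
        self.findings = []        # (kind, tag, absolute_url)

    def _check(self, kind, tag, ref):
        if not ref:
            return
        # urljoin resolves relative and protocol-relative (//host/..) references.
        url = urljoin(self.base_url, ref.strip())
        if urlparse(url).scheme == "http":
            self.findings.append((kind, tag, url))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            self.base_url = urljoin(self.base_url, a["href"])
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            self._check("active", tag, a.get("href"))
        elif tag in ACTIVE:
            self._check("active", tag, a.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, a.get(PASSIVE[tag]))
        elif tag == "form":
            self._check("form-action", tag, a.get("action"))


def audit(html, page_url):
    """Return every http:// reference made by a page served from page_url."""
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    return auditor.findings
```

Calling `audit(SAMPLE, "https://portal.example/")` reports the stylesheet and menu script as active findings, which matches the unstyled tables and unusable menus described in the report.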
bugday-20141216 : Secure Connection Failed Error occurs for https://p.fleetonlinesolutions.com/ on firefox.
Flags: needinfo?(pratyasmitamishra)
@pratyasmitamishra@gmail.com

That website has yet another problem, which is the SSL version that is considered to be unsafe and no longer accepted by default from Firefox 34 on!

So, to even reach the login screen one must set

security.tls.version.min   -> 0
Component: Untriaged → Security: PSM
Product: Firefox → Core
That site has a huge list of things wrong with it: https://www.ssllabs.com/ssltest/analyze.html?d=p.fleetonlinesolutions.com (one of which is it only uses SSL 3.0, which is not secure)
Blocks: POODLEBITE
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Version: 33 Branch → unspecified
Morphing this bug to be specific to https://p.fleetonlinesolutions.com, because so far all comments have been specific to this site.

Regardless, the site now supports TLS 1.0 (but still has other issues).
No longer blocks: POODLEBITE
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86_64 → All
Summary: Goodyear Portal based on SAP Netweaver doesn't render → p.fleetonlinesolutions.com supports Export suites, is POODLE vulnerable
https://www.ssllabs.com/ssltest/analyze.html?d=p.fleetonlinesolutions.com
Still a lot of issues.

The markup of this page is… interesting. :)


SAP Netweaver Portal
It's a portal system which has its templates pre-2000 I guess
 EPCF: Component com.sap.portal.runtime.logon.certlogon, phlpeidpcfdmhelnjkcfbdfgneobpldk 

/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/FOS_com_goodyear/prtl_std/prtl_std_nn7.css?7.2.11.0.2

The reason I was looking at that is so we can find contact information and gauge our chances of getting it fixed. If not, we can close it as WONTFIX.

At least the domain really belongs to Goodyear.
There is an email address for the domain name dns_admin@goodyear.com

There is a contact form 
https://corporate.goodyear.com/en-US/about/contact-goodyear-corporate.html

for customer assistance.

I will switch to contactready; feel free to contact them and change the keyword to sitewait when done.
Whiteboard: [contactready]
I completed the contact form and provided information about this bug report. I'm not very optimistic that this will get fixed, but it's worth trying.
Assignee: nobody → astevenson
Status: NEW → ASSIGNED
Whiteboard: [contactready] → [sitewait]
Priority: -- → P5
Product: Tech Evangelism → Web Compatibility

See bug 1547409. Moving webcompat whiteboard tags to keywords.

I still get "Secure connection failed" on Firefox when accessing the site. On Chrome the site is unreachable.
https://prnt.sc/jFnJ6VH5E1Ba

Tested with:
Browser / Version: Firefox Nightly 101.0a1 (2022-04-05), Chrome 100.0.4844.84
Operating System: Windows 10 Pro

Closing the issue.

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID