I am able to produce this bug both on custom-built Solaris builds and recent (2002/06/31) Win32 nightlies. Steps to produce: 1. Go to above PC Banking URL (https://www.pcbanking.cibc.com/english/servlet/SignOn) 2. Use 0000000000000000 as the card number 3. Use anything for a password 4. Hit "Sign In" You will not log in whether you have a valid password or not. What WILL happen is that you will end up at a completely different webpage, specifically https://www.cibc.com/solution/service/pers/home.jsp?BV_UseBVCookie=Yes&locale=en_CA&fullFrame= Which, if you back up and hover over the "HOME" image in the top right bar, you will note that this is the destination of that link, which is part of a MAP/AREA. Expected behavior: A screen on the same server telling you you've entered an invalid card/password combination.
*** Bug 149368 has been marked as a duplicate of this bug. ***
Er... meant 2002/05/31 nightlies, obviously.
When I use UABar with Mozilla, and spoof IE, it still behaves the same. When I employ konqueror, spoofing Mozilla, it DOES let me in. Not that there aren't other ways of browser sniffing, but if any is going on, its not doing it based on the User-Agent string. I should probably also mention that CIBC DID allow Mozilla users into the PC Banking service, up until about a month and a half ago. It is quite reasonable to think that an "unacceptable" browser would be sent to the Home link, though the site does present a warning if you do so using unspoofed Konqueror, and one would HOPE that CIBC webmonkeys would know better than to use silent failures... (far be it for me to attempt to fathom their thought processes...) I'm still looking into this myself to see if I can figure out what's going on.
OK, I finally managed to find a very old (November) build of Moz, and it behaves the same way. I can't find further reason to think this is Moz's fault, sorry about that. Hopefully CIBC will take a less schitzo approach after the release of NS7.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.