Huge security Bug

[someguy]

If you are using authorize.net and someone places a order using credit card number 4111111111111111 authorize.net will email an approval and the cart will accept the order. Anyone else notice this?

[Mark Evans]

Anyone else notice this?

 

If you take it out of test mode then the card should be rejected!!

 

If not speak to authorize.net :)

[rstn123]

Its not in test mode, try it for yourself.

[agtlewis]

How many people have tested this? I don't have an account with them but I would like to know how many others this happens too.

[Mark1]

I have tested this. It seems that you need to make sure you have 2 things done.

 

 

1) Take your OSCommerce shopping caart out of test mode. (you said you had already done this)

 

2) You need to take your authorize.net out of test mode as well. Authorize.net will accept any card number when it is in test mode. Use the settings in your authorize.net to do this.

 

After BOTH are taken out of test mode, you should not have this problem, because authorize.net will decline the test card #4111111111111111.

 

Let me know how this works.

 

Mark

[rstn123]

neither is in test mode and it sends the approved email.

[ksn]

I can't seem to find any information about the test mode and how to disable it. Can someone tell me the link to info or how to disable test mode?

[XtremeCarAudio]

neither is in test mode and it sends the approved email.

 

regardless it is a Authorize.net problem so i would be contect them...

 

all the cart does is pass the info on to authorize.net, the cart itself does not process it, authorize.net process it, so if they are accepting it, then I would be contact them about the issue