I was under the impression that when a user account is locked out, that particular user shouldn't be able to checkout whatsoever, and it appears so when you first try to log in - it gives a message that you are "locked out."  But when you first add items to the cart then do the checkout process by going through the checkoutanon.aspx and attempt to log in, it allows you to login and finish the process.  Another words, signin page appears to be working correctly, but checkoutanon page doesn't.

Any of you noticed this issue?

in MultiStore by (130 points)
edited by
I am able to confirm this behavior in v9.2.0.

This happens up to the latest version.

1 Answer

0 votes
This may constitute a security vulnerability in the application code.

I strongly encourage you to open a support ticket with Vortx regarding this issue. I would, but I'm running a forked version of 9.2 re-sold to us by a third-party vendor.
by (3.7k points)
I do have a solution for this by modifyng the code in a couple of spots, but I figured there's a logincal reason why this "issue" was left alone until now.  I just wanted know if any of you know about this.