Buy Jsy

E-commerce website with insecure login and registration pages

http://buyjsy.com/index.php?route=account/register

What is the problem?

Account login via insecure connection. Account registration collects personal details, user name, and password over an unencrypted connection.

This website’s privacy policy claims: “We work to protect the security of your information during transmission”, which is misleading at best.

Disclosure Policy

Prior to public disclosure, notification about any privacy or security issues discovered were sent by email to the operator of this website on 5th October 2015, using either an email address publicly discoverable on the site, or the RFC 2142 standards compliant address "webmaster@..." if no public email address was provided.

At time of posting the issue had not yet been resolved.