Jump to content

ESET - Buy page not encrypted!


Recommended Posts

Hi all,

 

I was looking at the buy page of ESET and I noticed something strange. Clicking on the shop button on ESET international website, opens the follow website:

 

hxxp://www.nod32.pt/purchase/index.php - This website isn't using an encrypted connection, and that's bad since it ask for all the client personal information to buy the license.

 

But if open ESET International website and select the country first, then when you press "shop" the domain is different (loja.eset.pt) and that page is using HTTPS.

 

So the problem is on the international website that redirects to a un secured page when your IP is from Portugal.

 

P.S: I use ESET since NOD32 v2.7, so I'm a huge fan :)

 

Thanks.

post-5145-0-02001200-1445096766_thumb.png

Edited by EAV8
Link to post
Share on other sites

No, this is the original ESET website. I will try to explain it better:

 

If you go to eset.com/pt (Portuguese Website) and press shop button you are redirected to loja.eset.pt. This Website (loja.eset.pt) is using a secure connection.

If you go to eset.com/int (International Website) and press shop button, you are redirected to nod32.pt/purchase. This website (nod32.pt/purchase) is using a non secure connection.

The ESET International website redirects you to your country shop when you click the "shop" button, but, for some reason, the international website is redirecting Portuguese IP's to the wrong page (nod32.pt/purchase) instead of (loja.eset.pt). So, the problem is on the redirect made by the international website, you can only test it if you access the international website using a Portuguese IP.

Edited by EAV8
Link to post
Share on other sites

Hi @TomasP

 

I contacted ESET Portugal and they said that they will fix the problem and offered me a 30 days trial lol :P (The international page should redirect to "loja.eset.pt" instead of "nod32.pt/purchase".)

 

Have a nice day ;)

Edited by EAV8
Link to post
Share on other sites

In many cases like this there is an https frame inserted in the http website - check whether this is not the case.

Come on. That's not secure at all.

 

Any attacker could simply inject JavaScript into the HTTP site and send all data entered to itself.

An HTTPS-IFrame does not help in any way to prevent this.

Edited by rugk
Link to post
Share on other sites
  • ESET Moderators

Hi rugk, I am not saying we do it like that. I just mentioned that I saw it implemented this way and asked whether it was the case here as well.

Link to post
Share on other sites

But you do it like that. I've seen it on some sites which do so.

Additionally why do you ask if you don't use it? What would have been your answer if he had said "Yes"? That everything is alright?

IMO this was implied by this question.

Link to post
Share on other sites
  • ESET Moderators

That was a clarifying question, to know which direction the discussion should head.

In case you are aware of such implementations on ESET's website, please contact me.

Link to post
Share on other sites
  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...