Sage web chat supports authentication via HTTPS, but when it comes to enforcing a site’s terms and conditions, it’s not the default.
Users of the company’s popular SageChat chat service, however, can configure the service to automatically log users in with the username and password they set up in their browser.
The issue was first brought to light by the Sage user, who noted that the default login settings for the SageChat web portal had been set to require a username and a password, despite the fact that the username on his account was the same as the one used to access the site.
“If you use SageChat to sign up for a site, and you are signed in with your same password you would see a log-in prompt, but if you go to the site and log in with a different password, the login prompt does not have your name on it,” the user wrote.
“You have to click on the login link and select the correct username and the site will then automatically log you in.”
In a blog post this week, Sage’s CTO, Daniel Hensley, addressed the issue, saying the issue was due to the company not having the correct software installed on the system.
“When we created Sage, we chose a user-friendly login system that is easily accessible and simple for anyone to use.
However, it is only possible to configure the login settings on a single server,” Hensleys wrote.”
As we have now updated the software, we’ve also enabled the ability to configure login settings per user account, as well as per site.”
Sage has also confirmed to the Daily Dot that it has fixed the issue.
“We have fixed an issue where some users were not able to login to Sage Chat.
This was due solely to the fact the Sage Web Portal did not support HTTPS and required the username used to sign in to the portal to be the same username used when signing in with Sage,” a Sage spokesperson told the Daily Dog.
“Sage Web Portal has now been updated to use HTTPS for login and to include a user sign in option to enable password verification.”
Follow Daniel Hengley on Twitter: @danielhengley