Details
- Bug
- Resolution: Fixed
- Medium
- 7.4.8, 7.13.0, 7.13.7, 7.13.8
- None
- 5
- Severity 2 - Major
- 14
Description
The fix for this bug will be released to our Long Term Support release.
The fix for this bug has been approved for backport and will be available in an upcoming 7.13 release of Confluence. Check the fix-version field for details.
Problem
Failed login attempts from anonymous users can trigger a captcha for all users.
Environment
Confluence v7.13
Steps to Reproduce
Attempt to log in to Confluence via the following endpoint multiple times (usually 3, which is the default limit before the captcha is triggered):
curl -X POST \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'os_username=&os_password=test&login=Log+in&os_destination=' \
  '<Confluence_Base_URL>/dologin.action'
Expected Results
The login fails, but the login page for all other users in Confluence shouldn't be impacted.
Actual Results
A captcha is shown on every login page in Confluence. All users in Confluence have to enter the captcha to log in.
Workaround
There are a couple of workarounds for this:
- Restart Confluence
- Flush the cache for logins:
  General Configuration > Cache Management > Login Manager - Login attempts for unknown users > Flush
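The behaviour reported above can be reproduced in a small model, added here as an illustration and not taken from Confluence's code. It assumes that failed attempts for names matching no account share one counter (suggested by the cache name "Login attempts for unknown users") and contrasts that with a counter scoped per client address; all class and method names and the sample addresses are hypothetical.

```python
# Illustrative model only, not Confluence code; all names are hypothetical.
from collections import Counter

CAPTCHA_THRESHOLD = 3  # default limit stated in the report


class SharedUnknownUserTracker:
    """Assumed flawed design: failures for unknown names share one bucket."""

    def __init__(self, known_users):
        self.known_users = set(known_users)
        self.failures = Counter()

    def _key(self, username, client_ip):
        return username if username in self.known_users else "__unknown__"

    def record_failure(self, username, client_ip):
        self.failures[self._key(username, client_ip)] += 1

    def captcha_required(self, username, client_ip):
        # The login page is rendered before a username is known, so the
        # shared unknown-user bucket decides for every visitor.
        own = self.failures[self._key(username, client_ip)]
        return max(own, self.failures["__unknown__"]) >= CAPTCHA_THRESHOLD

    def flush(self):
        # Mirrors the "Flush" workaround: all counters are dropped.
        self.failures.clear()


class PerClientTracker(SharedUnknownUserTracker):
    """One possible scoping: unknown-name failures counted per client."""

    def _key(self, username, client_ip):
        if username in self.known_users:
            return username
        return ("unknown", client_ip)

    def captcha_required(self, username, client_ip):
        return self.failures[self._key(username, client_ip)] >= CAPTCHA_THRESHOLD


def simulate(tracker_cls):
    tracker = tracker_cls(known_users={"alice"})
    for _ in range(CAPTCHA_THRESHOLD):
        tracker.record_failure("", "203.0.113.5")  # empty os_username, constructed IP
    other = tracker.captcha_required("alice", "198.51.100.7")
    same = tracker.captcha_required("", "203.0.113.5")
    tracker.flush()
    after = tracker.captcha_required("alice", "198.51.100.7")
    return {"other_user": other, "same_client": same, "after_flush": after}
```

Per-client counting is only one option and has its own caveat: clients behind a shared proxy or NAT address would share a counter.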