Summary

CAPTCHA validation fails during signup

Version info

• Issue affects v9.2.4, 9.4.1, 9.3.2.
• I have tested v8.5.22, the issue doesn't surface.

Issue Summary

When CAPTCHA is enabled for the user signup, the validation always fails despite providing the correct characters.

Steps to Reproduce

1. Configure an SMTP server to enable outgoing emails.
2. Navigate to the Spam Prevention table and turn ON CAPTCHA.
3. Navigate to the Users tab -> User Signup Options -> Enable 'Allow people to sign up to create their account' option
4. Open an incognito browser window and click on the 'Sign up' button
5. Input the username, email, password and CAPTCHA. You will find the CAPTCHA validation always fails.

Expected Results

• CAPTCHA validation should succeed with the correct characters input.

Actual Results

• CATCHA validation fails with the below exception repetitively.
  • 
  • 
• The following appears in the atlassian-confluence-security.log file.

2025-05-28 06:41:16,715 ERROR [http-nio-8090-exec-22 url: /confluence/dosignup.action] [atlassian.confluence.security.DefaultCaptchaManager] forceValidateCaptcha The ImageCaptchaService encountered an error while attempting to validate the captcha response for captcha id 0.9500082249888796 and response chaing
 -- url: /confluence/dosignup.action | userName: anonymous | action: dosignup | referer: https://linux-101772.prod.atl-cd.net/confluence/signup.action?token=a01a0fe1afbcbdf5 | traceId: c55e7186c32f3174
com.octo.captcha.service.CaptchaServiceException: Invalid ID, could not validate unexisting or already validated captcha

Workaround

• Turn off CAPTCHA from the Spam Prevention tab to disable the CAPTCHA validation.