The current CAPTCHA implementation may not be secure


    • Type: Bug
    • Resolution: Answered
    • Priority: Low
    • None
    • Affects Version/s: 4.1
    • Component/s: None
    • 4.01

      The current CAPTCHA implementation displays a different message when the CAPTCHA is being displayed and is entered correctly but the user's password is not, than when the CAPTCHA is entered incorrectly. This is giving away more information than a login screen should. The error message that is displayed whilst a CAPTCHA is being displayed should remain constant.

      e.g. "Sorry, your username, password or captcha is incorrect - please try again."

            Assignee:
            metapoint
            Reporter:
            François Nonnenmacher
            Votes:
            0
            Watchers:
            1

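
An added example (not code from the product or from the reporter) contrasting a login check whose failure message depends on which check failed with one that evaluates both checks and returns the single message proposed in the report. All function names, the sample account and the two messages in `login_leaky` are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data; the constant below is the message proposed in the report.
GENERIC_ERROR = "Sorry, your username, password or captcha is incorrect - please try again."
_SALT = b"constructed-salt"
_USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 10_000)}
_DUMMY_HASH = hashlib.pbkdf2_hmac("sha256", b"dummy", _SALT, 10_000)

def _eq(a, b):
    # Constant-time comparison of two strings.
    return hmac.compare_digest(a.encode(), b.encode())

def _password_ok(username, password):
    # Hash even for unknown users so the work done does not depend on account existence.
    stored = _USERS.get(username, _DUMMY_HASH)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)
    return hmac.compare_digest(stored, candidate) and username in _USERS

def login_leaky(username, password, captcha_answer, captcha_expected):
    """Behaviour the report describes: the message reveals which check failed."""
    if not _eq(captcha_answer, captcha_expected):
        return False, "The CAPTCHA text you entered is incorrect."  # assumed wording
    if not _password_ok(username, password):
        return False, "Sorry, your username or password is incorrect."  # assumed wording
    return True, "Welcome"

def login_uniform(username, password, captcha_answer, captcha_expected):
    """Evaluate both checks, then return one constant message on any failure."""
    captcha_ok = _eq(captcha_answer, captcha_expected)
    creds_ok = _password_ok(username, password)
    if captcha_ok and creds_ok:
        return True, "Welcome"
    return False, GENERIC_ERROR

def distinct_failure_messages(login):
    """Regression check: how many different failure messages can this login emit?"""
    cases = [
        ("alice", "wrong", "x7k2", "x7k2"),          # captcha right, password wrong
        ("alice", "wrong", "nope", "x7k2"),          # captcha wrong, password wrong
        ("alice", "correct horse", "nope", "x7k2"),  # captcha wrong, password right
        ("bob", "wrong", "x7k2", "x7k2"),            # captcha right, unknown user
    ]
    return len({login(*case)[1] for case in cases})
```

`distinct_failure_messages` can be kept as a regression test: any value above 1 means the login response again distinguishes a CAPTCHA failure from a credential failure.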