SMF Development > Fixed or Bogus Bugs

[3022] CAPTCHA issue in SMF 2.0

(1/2) > >>

aldo:
I think I found a problem with SMF's CAPTCHA system, at least in 2.0 (Could be in 1.1.x, but I haven't really tried), because I have noticed on registration, if you get the wrong letters and what not on the CAPTCHA, the same exact text is displayed.
 
Even though the image is somewhat redone, like the colors are different, position is a bit different, but the text is exactly the same. So basically, a bot could try many many combinations until it got it because the images text would never actually change. Now I could understand if the text in the image stayed the same for a couple times, because sometimes it can be a bit hard, but practically keeping the same exact text as long as you don't click the register link again, the text won't change.

metallica48423:
I believe it's intended.  If you were to close your browser and reopen it, it'd be different, as it's now a different session entirely.

I believe it's an accessibility feature, so that people with limited sight can request a new version of the image they might be able to see more clearly without losing what they've worked out.

karlbenson:
I believe you get 3 or 4 attempts at it.  Then it will change.

This is too many attempts for my liking. It makes smf a far too attractive proposition to spammers.
I'm going to add this on the bug tracker. (private report) http://dev.simplemachines.org/mantis/view.php?id=3022

aldo:
Sweet.

Yeah that was why I posted this. It was one thing to have it redo it a few times, but the ability for it to do it forever (in theory) isn't good.

karlbenson:
Its 3 attempts then it changes (just tested).

But I think 1 attempt is enough, then it should changes.
+ limit to 3 refreshes of the image.

Navigation

[0] Message Index

[#] Next page

Go to full version