Catpcha can be bypassed

  • johnmartelle

    (@johnmartelle)


    10 years, 7 months ago

    On the wp-login.php page the no captcha recaptcha doesn’t have to be entered to gain access to wordpress. If you input a correct username and password but not the no captcha recaptcha it does not throw an error. You only get an error if you don’t put in a password. I suggest you look into this.

    https://wordpress.org/plugins/bwp-recaptcha/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Khang Minh

    (@oddoneout)

    10 years, 7 months ago

    This was addressed a long time ago but I will take a look again. Thanks for reporting.

    Plugin Author Khang Minh

    (@oddoneout)

    10 years, 5 months ago

    I’ve been trying to reproduce this issue without success. Cases I’ve tried:

    – Input nothing: no error shown. (Perhaps this can be tweaked to show the captcha error, but since nothing is provided it might not worth the trouble to check captcha at all.)

    – Input user WITHOUT password (either correct or not), WITHOUT captcha: Captcha error only.

    – Input user WITH password (either correct or not), WITHOUT captcha: Captcha error only.

    – Input user WITH password (incorrect), WITH captcha: Username or password error, no captcha error.

    If anyone’s having the same issue please report, I need more info to reproduce the bug.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Catpcha can be bypassed’ is closed to new replies.