CAPTCHA allows login with incorrect or no answer

  • Resolved johndball

    (@johndball)


    7 years, 6 months ago

    All of the websites we manage use the AIOWPS plugin with login CAPTCHA. These sites are on different hosts using different vendors (Rackspace, our own cloud, Godaddy, etc.).

    A common issue we’ve seen with the AIOWPS plugin is that it is allowing login without the need to solve the CAPTCHA challenge and/or allows incorrect submissions.

    Obviously this is a big problem as the intended security protection is missing…

    Wordpress: 5.0.1
    AIOWPS: 4.3.8.1
    Host: (varies) Godaddy, Rackspace, JLTCtech cloud
    Server: (varies) Ubuntu 18.04 Apache2

    • This topic was modified 7 years, 6 months ago by johndball. Reason: Removed URL of failed security page for security reasons
Viewing 6 replies - 1 through 6 (of 6 total)
  • Jacek Plewa

    (@studiojp)

    7 years, 6 months ago

    Confirm problem with no Captcha checking on login site – very important to be immediately fixed!
    Tested on ver. 4.3.8.1 on many sites with Google reCaptcha as well as match Captcha turned on.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    7 years, 6 months ago

    Hmm thanks for the heads-up.
    I thought I just fixed this and released but I realised that I didn’t. 🙁
    Please ignore the last minor release.
    I will keep investigating and find a fix soon.

    Thread Starter johndball

    (@johndball)

    7 years, 6 months ago

    Thanks wpsolutions!

    Plugin Contributor wpsolutions

    (@wpsolutions)

    7 years, 6 months ago

    I found that the cause was the priority value of the authentication hook which I changed recently.
    Please try the new patch.

    Thread Starter johndball

    (@johndball)

    7 years, 6 months ago

    Working now on version 4.3.8.3.
    Tried logging in with u/p and no CAPTCHA = error
    Tried logging in with u/p and wrong CAPTCHA = error
    Tried logging in with u/p and correct CAPTCHA = success

    Jacek Plewa

    (@studiojp)

    7 years, 6 months ago

    Confirm, working now on version 4.3.8.3.
    Thanks @wpsolutions!

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘CAPTCHA allows login with incorrect or no answer’ is closed to new replies.