[Resolved] CAPTCHA is inefficient – form tries to login first, then checks CAPTCHA value
That means if I fill-in the correct username, wrong password and wrong CAPTCHA, the login page returns:
ERROR: The password you entered for the username <my_famous_username> is incorrect. Lost your password?
Which means it first tries to login, then verifies CAPTCHA. This is incorrect and makes CAPTCHA (as protection against automated login atempts) inefficient, because this way the attacker gets to know the correct and real username!
- The topic ‘[Resolved] CAPTCHA is inefficient – form tries to login first, then checks CAPTCHA value’ is closed to new replies.