wpForo 1.x.x [Closed] Recaptcha bug

How-to and Troubleshooting

Last Post by Robert 6 years ago

2 Posts

2 Users

1 Reactions

1,203 Views

RSS

Posts: 23

Mistral

Topic starter

Mar 14, 2019 8:45 am

(@mistral)

Eminent Member

Joined: 6 years ago

Hi Guys

I have found a fairly serious issue with the implementation of the recaptcha for the 'registration' process. Login and password reset do not seem to be affected. I don't know about other instances.

https://wpforo.com/community/?wpforo=signup

If you try to register with an existing username and do not check the recaptcha, you will still receive an error that the user already exists and the email is in use.

This defeats the purpose of recaptcha to protect the form, as the ONLY response from the form when the recaptcha is missing, should be that there is a recaptcha error. Currently it would be possible to brute force checking usernames and emails regardless of there being the recaptcha.

I'm hoping this can be fixed without too much effort.

Regards

Mistral

1 Reply

Posts: 10587

Robert

Admin

Mar 15, 2019 8:55 am

(@robert)

Support Team

Joined: 9 years ago

Good point. The reCAPTCHA we'll take a look on this.

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

15 Forums
13.9 K Topics
68.5 K Posts
7 Online
9,802 Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed